Hackers are now using subtitle files to take over devices

Vivek Sharma -

The victim's PC can be taken over within seconds via remote access once the malicious subtitle file is played alongside a video file. — Check Point

 Fresh off the WannaCry ransomware and Adylkuzz cryptocurrency miner exploits, another major vulnerability targeting video subtitles has come to light.

According to security research firm Check Point, attackers are now creating malicious files disguised as subtitles, that are then uploaded to popular subtitles repositories widely available on the Internet.

While it’s still safe for users to download the files onto their devices, the attack will happen when users play a video alongside the malicious subtitle file.

According to the demo provided by Check Point, attackers will be able to take over the victim’s device within seconds after the video is played (where the malicious file is executed in the background).

Check Point estimated that over 200 million people around the world are at risk of the attack, making it one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years.

The security firm says that once attackers gain access to the victim’s PC, the possible damage is endless ranging from stealing sensitive information, installing ransomware to mass Denial of Service (DoS) attacks.



 If you happen to be one of those who are downloading subtitles on free online sources such as Subscene, YIFY Subtitles and OpenSubtitles, watch out as you might be unknowingly downloading malicious subtitle files.

What makes it so dangerous is the fact that many of the subtitles repositories are treated as trusted sources, allowing anyone to upload subtitles which are then downloaded by millions of users globally.

“The attack vector relies heavily on the poor state of security in the way various media players process subtitle files and the large number of subtitle formats,” according to the blog post by Check Point.

It says that there are over 25 subtitle formats in use, each with unique features and capabilities, along with how the different types of media players make use of these subtitles.

Check Point likens it to similar situations involving fragmented software, resulting in numerous distinct vulnerabilities.

The firm pointed out that four popular media players such as VLC, Kodi, Popcorn Time and Streamio are affected by the vulnerability.

It also believes that a similar vulnerability exists in other media players.

If you happen to be running the older versions of the media players, it’s best to update them right now as the developers have issued fixes on their respective websites.

Source: http://www.thestar.com.my/tech/tech-news/2017/05/24/hackers-are-now-using-subtitle-files-to-take-over-victim-s-device/

Popular Posts

A Complete Guide for SEO in 2019

Vivek Sharma -
Image
The Definitive Guide To SEO In 2019 This is the ultimate guide to SEO in 2019. And let me be clear about something: This is NOT a lame “SEO in 2019” predictions post. Instead, you’re going to see tested strategies that are working right now… and will work even better in 2019. So if you’re looking to up your SEO game this year, you’ll love this guide. Let’s dive right in. CHAPTER 1: RankBrain & UX Signals RankBrian and User Experience Signals User experience signals were HUGE this year. And I expect them to be even more important in 2019. In fact, Google previously announced that RankBrain was their third most important ranking factor: “In the few months it has been deployed, RankBrain has become the third-most important signal contributing to the result of a search query.” The question is: What is RankBrain, exactly? And how can you optimize for it? Google RankBrain: a Dead-Simple Explanation RankBrain  is a machine
Read full blog »

104 Helpful SEO Questions & Answers for Interview

Vivek Sharma -
Image
Discover all you need to know with these latest SEO questions and answers and embark on a successful SEO journey! Keep digging! 1. What is SEO & why is it so important? Ans.  In simple words, SEO or Search Engine Optimization denotes to any activity performed for the improvement of Search Engine rankings of websites, products, services or other content. It shows unpaid results which is also referred to as “free”, “organic”, “natural” or “earned” results. The importance of SEO starts with the desire of the companies to gain more traffic for their websites. The ranking over search engines matter because users pay more heed to the first 5 searches on Google. Moreover, the users tend to trust Google’s refined search results because they consider these searches to be more authentic and specific. 2. What is a Search Engine? Ans.  A search engine is a web-based software system which is developed to search and locate relevant information on the World Wide Web. Search engi
Read full blog »

How To Add Schema Markup To Your Wix Website?

Vivek Sharma -
Image
Adding Schema.org Markup Schema.org creates a structured data markup schema, which is supported by most major search engines. Adding schema markup can help search engines display a richer snippet of your pages in search results. It does so by providing search engines with additional information about the page content, which is then displayed beneath the page title in search results.  Click  here  to read more about Schema.org. Step 1 | Generate your schema markup Some of your site's content already contains schema markup, such as blog posts and your Wix Stores pages. To generate schema markup for other pages of your site we recommend using  this tool . You may also choose to use  Google's markup generator .  Step 2 | Add your schema markup to your Wix site 1  Sign in to your Wix account. 2  Go to your  Site Manager .  3  Click Tracking & Analytics.  4  Click + New Tool and select Custom from the dropdown.  5  Set up your Schema.org code: 5  Ente
Read full blog »