New Training Course – Android Forensics – No $5 Wrench Required!

This course discusses the growing number of challenges
facing forensic examiners, reverse engineers, and law enforcement agencies when
working with a modern Android device.  Attendees will learn novel techniques for
evidence extraction, bypassing security features, and basic malware analysis
techniques.
With new tactics developed by one of our researchers, we’re excited to announce that we can unlock certain up-to-date Android devices for forensic analysis.  Send us a note, we will be scheduling a date for the new course within the next weeks stay tuned!

20 Million Users Vulnerable to Cisco’s WebEx Browser Extention

The vulnerability was discovered by Tavis Ormandy a well known security researcher and privately reported to Cisco which was patched on Monday January 23rd, 2017.  The seriousness of the issue was the seemingly trivial exploitation vector.

“All that’s required for a malicious or compromised website to exploit the vulnerability is to host a file or other resource that contains the string “cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html” in its URL. That’s a “magic” pattern the WebEx service uses to remotely start a meeting on visiting computers that have the Chrome extension installed.”

If you haven’t done so, UPDATE or UNINSTALL the WebEx extension to remove the vulnerability.  More information on the patch can be found here:  Cisco Security Advisory

Kudos to Cisco on producing a patch in two days!