VirusTotal Reveals Claims of Critical Flaws in Google’s Antivirus Service

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

There have been questions raised regarding the credibility of research that claims to reveal a severe vulnerability in VirusTotal, a Google-owned antivirus comparison and threat intel service. 
VirusTotal (VT) is a service that lets security researchers, system administrators, and others evaluate suspicious files, domains, IP addresses, and URLs by aggregating results from close to 70 antivirus vendors and scan engines. Samples submitted through the service are automatically shared with the security community, including, but not limited to, the vendors who maintain the scanning engines used by VT.
In a blog post published on Tuesday, Israel-based cybersecurity education platform provider Cysource claims researchers were able to “execute commands remotely within [the] VirusTotal platform and gain access to its various scans capabilities”.
A doctored DJVU file with a malicious payload added to the file’s metadata is used in the attack. To accomplish remote code execution (RCE) and a remote shell, this payload exploits the CVE-2021-22204 vulnerability in Exiftool, a metadata analysis tool.
In April 2021, Cysource researchers presented their findings to Google’s VRP, and the findings were addressed a month later. VirusTotal claims that instead

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
