Confirming that launching Cylera's polyglot pedicom-cylera.dcm file from cmd.exe actually runs it as an executable (!), although it's an unrecognized format on the machine. This is really weird behavior and could indicate something worse in the way Windows is "launching" files. https://twitter.com/Cylera_/status/1118262328313692160

Okay, no problem if such a file gets scanned for known malware but not somehow blocked or flagged just for looking like a PE. However, relative to our recent debate on AVs skipping files with signatures, I doubt they'll want to add more workload.

FWIW many AVs check file content on access/writing -- they don't care about file extensions too much
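
An added example (not part of the thread and not Cylera's code): a minimal content-based check for the file shape discussed above, a file that parses as both DICOM and PE. It relies on the DICOM Part 10 layout (128-byte preamble followed by `DICM`) and the PE layout (`MZ`, with `e_lfanew` at offset 0x3C pointing to `PE\0\0`); the function names and sample bytes are constructed for illustration.

```python
import struct

PREAMBLE_LEN = 128  # DICOM Part 10: 128-byte preamble, then the magic b"DICM"

def looks_like_dicom(data: bytes) -> bool:
    return data[PREAMBLE_LEN:PREAMBLE_LEN + 4] == b"DICM"

def looks_like_pe(data: bytes) -> bool:
    # DOS header starts with "MZ"; the 32-bit e_lfanew at 0x3C locates "PE\0\0".
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify(data: bytes) -> str:
    """Classify by content only; the file extension is never consulted."""
    dicom, pe = looks_like_dicom(data), looks_like_pe(data)
    if dicom and pe:
        return "pe-dicom-polyglot"  # parses as both formats: flag it
    if dicom:
        # An unused preamble is all zero bytes; anything else deserves a look.
        return "dicom-nonzero-preamble" if any(data[:PREAMBLE_LEN]) else "dicom"
    return "pe" if pe else "other"

def make_sample(kind: str) -> bytes:
    """Constructed header-only test bytes (not real images or executables)."""
    buf = bytearray(0x104)
    if kind in ("dicom", "polyglot"):
        buf[128:132] = b"DICM"
    if kind in ("pe", "polyglot"):
        buf[0:2] = b"MZ"
        struct.pack_into("<I", buf, 0x3C, 0x100)
        buf[0x100:0x104] = b"PE\x00\x00"
    return bytes(buf)

if __name__ == "__main__":
    for kind in ("dicom", "pe", "polyglot", "other"):
        print(kind, "->", classify(make_sample(kind)))
```

A non-zero preamble alone is not proof of tampering, since the preamble may legitimately carry data for another format, so that result is a review signal rather than a verdict.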