A staggering 200 million users of streaming platforms such as Popcorn Time, Kodi, Stremio and VLC are believed to be vulnerable, say researchers at Check Point. They describe it as 'one of the most widespread, easily accessed and zero-resistance vulnerabilities reported in recent years'.

The hack only affects subtitle files from third-party sites - watching a legitimate copy with its own subtitles should be fine.

But the attack can affect any device: a PC, smart TV or even a mobile device. It's delivered when movie subtitles are loaded by the user’s media player - which treats them as a trusted source. And the subtitle repositories can even be manipulated into giving the malicious subtitles a higher score, making them more likely to be served up to the user.

  source: securityweek.com

Late last year, a study by the US National Institute of Standards and Technology (NIST) took an in-depth look at a phenomenon called “security fatigue.” Researchers found that a majority of individuals they interviewed (20- to 60-year-olds in a variety of jobs and in rural, urban and suburban environments) experience a weariness or reluctance to deal with computer security. Being bombarded every day by an increasing number of warnings and bad news about the latest attack isn’t bolstering their resolve to deal with the bad guys. In fact, they’re feeling a sense of resignation and loss of control. That isn’t to say we should stop the awareness and education, but we need to devise better and easier ways to empower individuals to protect themselves.

We’re seeing security fatigue on the corporate side as well, but with a twist. Organizations are growing weary of the same old stream of promises they’ve heard from security vendors for years. “We’ll help you consolidate dozens of security vendors for more effective and simpler protection.” Or, “We’ll provide a single pane of glass and all your security visibility and management headaches will go away.” But all this talk is just that – talk.