Adobe Reader | Breaking Cybersecurity News | The Hacker News

A year back, Security Researchers from the Antivirus firm Kaspersky found a sophisticated piece of malware which they dubbed as ' MiniDuke ', designed specifically to collect and steal strategic insights and highly protected political information, which is a subject to states' security. Now, once again the MiniDuke virus is spreading in wild via an innocent looking but fake PDF documents related to Ukraine , while the researcher at F-Secure were browsing the set of extracted decoy documents from a large batch of potential MiniDuke Samples. " This is interesting considering the current crisis in the area ," Mikko Hypponen, the CTO of security research firm F-Secure, wrote on Tuesday. The Hacker News reported a year ago about the malicious malware that uses an exploit ( CVE-2013-0640 ) of the famous and actively used Adobe Reader . MiniDuke malware written in assembly language with its tiny file size (20KB), and uses hijacked Twitter accounts for Command &a

Microsoft has  released  11 Security Patch this Tuesday, including one for CVE-2013-5065  zero-day vulnerability, recently discovered Local privilege escalation vulnerability that could allow a hacker to launch an attack using corrupted TIFF images to take over victims' computers. FireEye researchers said they found the exploit in the wild being used alongside a PDF-based exploit against a patched Adobe Reader vulnerability. December's Patch Tuesday update bundle brings five bulletins ranked critical, including a patch for a vulnerability that could allow remote code execution in Internet Explorer and another remote code execution vulnerability in Office and Microsoft Server is also addressed. Other patches addressing remote code execution vulnerabilities in Lync, all versions of Office and Microsoft Exchange. All supported versions of Windows, from XP to RT and 8.1, are affected by at least one of the critical vulnerabilities. The Six Security bulletins rated important de

Super Low RPO with Continuous Data Protection: Dial Back to Just Seconds Before an Attack Zerto , a Hewlett Packard Enterprise company, can help you detect and recover from ransomware in near real-time. This solution leverages continuous data protection (CDP) to ensure all workloads have the lowest recovery point objective (RPO) possible. The most valuable thing about CDP is that it does not use snapshots, agents, or any other periodic data protection methodology. Zerto has no impact on production workloads and can achieve RPOs in the region of 5-15 seconds across thousands of virtual machines simultaneously. For example, the environment in the image below has nearly 1,000 VMs being protected with an average RPO of just six seconds! Application-Centric Protection: Group Your VMs to Gain Application-Level Control   You can protect your VMs with the Zerto application-centric approach using Virtual Protection Groups (VPGs). This logical grouping of VMs ensures that your whole applica

McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened. The issue emerges when some users launch a link to another file path, which calls on a JavaScript application programming interface (API), while Reader alerts a user when they are going to call on a resource from another place. The issue is not a serious problem and does not allow for remote code execution, but McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2. " We have detected some PDF samples in the wild that are exploiting this issue. Our investigation shows that the samples were made and delivered by an 'email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks ," wrote McAfee's Haifei Li. McAfee declined to reveal the details of the vulnerability as Adobe i

Exploit kits are one of the dangerous cyber crime tool, where The Phoenix Exploit Kit is a good example of exploit packs used to exploit vulnerable software on the computers of unsuspecting Internet users. The Phoenix Exploit Kit is available for a base price of $2,200 in underground market by its malware author or developer.  Like other exploit kits , Phoenix also developed to exploit browser-based  vulnerabilities in outdated and insecure versions of browser plugins like Java, and Adobe Flash and Reader. Developer of Phoenix is known by nickname AlexUdakov on several forums. According to new investigation report published by  krebsonsecurity , AlexUdakov was also member of a forum called Darkode , whose administrator accounts were compromised few weeks before and that the intruders were able to gain access to private communications of the administrators.  Intruders was able to view full profiles and database of Darkode members, as well as the private email addres

FireEye researchers recently came across a zero-day security flaw in Adobe Reader that's being actively exploited in the wild. The zero-day vulnerability is in Adobe PDF Reader 9.5.3, 10.1.5, 11.0.1 and earlier versions. According to researchers, once malware takes advantage of the flaw, its payload drops two dynamic-link libraries, or DLLs, which are application extensions used by executable files to perform a task. In this case, they allow the infected computer to communicate with a hacker-owned server. No additional details about the zero-day vulnerabilities have been publicly released, and but researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox. " We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files ," said FireEye team. But until the vulnerability gets patched,