Adobe Reader | Breaking Cybersecurity News | The Hacker News

If you're one of the 400 million Android users out there who have installed Adobe Reader app that helps you to view PDF documents on mobile devices, then you should immediately update your app from Google Play Store. Adobe has released an updated Adobe Reader 11.2.0 version to addresses an important vulnerability that could be exploited to gain 'remote code execution' ability on the affected system. According to the Adobe  advisory , vulnerability ( CVE-2014-0514 ) resides in the implementation of JavaScript APIs on Adobe Reader 11.2 that could be exploited to execute arbitrary code within Adobe Reader. Adobe vulnerability discovered by security researcher  Yorick Koster of Securify BV , claimed that an attacker can create a specially crafted PDF file containing malicious JavaScript code that triggers when the victim will try to open it using affected Adobe Reader for Android Operating System. Multiple attack vectors are available to deploy a malicio...

A year back, Security Researchers from the Antivirus firm Kaspersky found a sophisticated piece of malware which they dubbed as ' MiniDuke ', designed specifically to collect and steal strategic insights and highly protected political information, which is a subject to states' security. Now, once again the MiniDuke virus is spreading in wild via an innocent looking but fake PDF documents related to Ukraine , while the researcher at F-Secure were browsing the set of extracted decoy documents from a large batch of potential MiniDuke Samples. " This is interesting considering the current crisis in the area ," Mikko Hypponen, the CTO of security research firm F-Secure, wrote on Tuesday. The Hacker News reported a year ago about the malicious malware that uses an exploit ( CVE-2013-0640 ) of the famous and actively used Adobe Reader . MiniDuke malware written in assembly language with its tiny file size (20KB), and uses hijacked Twitter accounts for Command ...

Microsoft has  released  11 Security Patch this Tuesday, including one for CVE-2013-5065  zero-day vulnerability, recently discovered Local privilege escalation vulnerability that could allow a hacker to launch an attack using corrupted TIFF images to take over victims' computers. FireEye researchers said they found the exploit in the wild being used alongside a PDF-based exploit against a patched Adobe Reader vulnerability. December's Patch Tuesday update bundle brings five bulletins ranked critical, including a patch for a vulnerability that could allow remote code execution in Internet Explorer and another remote code execution vulnerability in Office and Microsoft Server is also addressed. Other patches addressing remote code execution vulnerabilities in Lync, all versions of Office and Microsoft Exchange. All supported versions of Windows, from XP to RT and 8.1, are affected by at least one of the critical vulnerabilities. The Six S...

If you invite guest users into your Entra ID tenant, you may be opening yourself up to a surprising risk.  A gap in access control in Microsoft Entra's subscription handling is allowing guest users to create and transfer subscriptions into the tenant they are invited into, while maintaining full ownership of them.  All the guest user needs are the permissions to create subscriptions in their home tenant, and an invitation as a guest user into an external tenant. Once inside, the guest user can create subscriptions in their home tenant, transfer them into the external tenant, and retain full ownership rights. This stealthy privilege escalation tactic allows a guest user to gain a privileged foothold in an environment where they should only have limited access. Many organizations treat guest accounts as low-risk based on their temporary, limited access, but this behavior, which works as designed, opens the door to known attack paths and lateral movement within the resource t...

McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened. The issue emerges when some users launch a link to another file path, which calls on a JavaScript application programming interface (API), while Reader alerts a user when they are going to call on a resource from another place. The issue is not a serious problem and does not allow for remote code execution, but McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2. " We have detected some PDF samples in the wild that are exploiting this issue. Our investigation shows that the samples were made and delivered by an 'email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks ," wrote McAfee's Haifei Li. McAfee declined to reveal the details of the vulnerability as Adobe i...

Exploit kits are one of the dangerous cyber crime tool, where The Phoenix Exploit Kit is a good example of exploit packs used to exploit vulnerable software on the computers of unsuspecting Internet users. The Phoenix Exploit Kit is available for a base price of $2,200 in underground market by its malware author or developer.  Like other exploit kits , Phoenix also developed to exploit browser-based  vulnerabilities in outdated and insecure versions of browser plugins like Java, and Adobe Flash and Reader. Developer of Phoenix is known by nickname AlexUdakov on several forums. According to new investigation report published by  krebsonsecurity , AlexUdakov was also member of a forum called Darkode , whose administrator accounts were compromised few weeks before and that the intruders were able to gain access to private communications of the administrators.  Intruders was able to view full profiles and database of Dar...

FireEye researchers recently came across a zero-day security flaw in Adobe Reader that's being actively exploited in the wild. The zero-day vulnerability is in Adobe PDF Reader 9.5.3, 10.1.5, 11.0.1 and earlier versions. According to researchers, once malware takes advantage of the flaw, its payload drops two dynamic-link libraries, or DLLs, which are application extensions used by executable files to perform a task. In this case, they allow the infected computer to communicate with a hacker-owned server. No additional details about the zero-day vulnerabilities have been publicly released, and but researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox. " We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files ," said FireEye team. But until the vulnerability gets patched,...

Trojan.Stabuniq geographic distribution by unique IP address Security researchers from Symantec have identified a new Trojan that appears to be targeting financial institutions. Dubbed Trojan.Stabuniq , the malware has been collecting information from infected systems potentially for the preparation of a more damaging attack. According to researchers , roughly 40 IP addresses infected with the Stabuniq Trojan, 40% per cent belong to financial institutions who are mostly based in Chicago and New York. The malware appears to be spread by a phishing attack through spam e-mail containing a link to the address of a server hosting a Web exploit toolkit . Such toolkits are commonly used to silently install malware on Web users' computers by exploiting vulnerabilities in outdated browser plug-ins like Flash Player , Adobe Reader , or Java. These attacks can be very simple, such as a written email from a prince in Nigeria asking for bank account...

A Gold Coast, Australian medical centre computers are infected with some ransom malware by a group of Russian hackers . The hackers encrypted the practice's patient database, demanding payment of $4000 for the files to be decrypted. " Cyber criminals based mainly throughout Eastern Europe look for rich targets, places with identifying information to extort, " Mr Phair, director of the Centre for Internet Safety and a former investigator with the Australian High-Tech Crime Centre. There have been 11 similar offences in Queensland this year, according to police. David Wood, Miami Family Medical Centre's co-owner said, " We've got all the anti-virus stuff in place - there's no sign of a virus. They literally got in, hijacked the server and then ran their encryption software ". The server with encrypted information is being held offline and an IT contractor is working with the practice to restore a backup of patient records. IT security exper...

Group-IB , a Russian cybercrime investigation company has discovered a zero-day vulnerability, affects Adobe Reader X and Adobe Reader XI. The vulnerability is also included in new modified version of Blackhole Exploit-Kit , which is used for the distributing the banking Trojans (Zeus, Spyeye, Carberp, Citadel) with the help of exploitation different vulnerabilities in client-side software. The particular exploit is available in underground forums for as much as $50,000 and bug is dangerous because it permits cybercriminals to run arbitrary shellcode by bypassing the sandbox feature integrated into the more recent versions of Adobe Reader. For now this flaw is distributed only in only small circles of the underground but it has the potential for much larger post-exploitation methods. The exploit is limited to  Microsoft Windows installations of Adobe Reader and it can't be fully executed until the user closes his Web browser (...

Last week, Mozilla announced it will prompt Firefox users on Windows with old versions of Adobe Reader, Adobe Flash, and Microsoft Silverlight, but refused to detail how the system will work. Finally today  Firefox 17 is now in beta and with it is a very cool feature, click-to-play plugins. When a user lands on a site that requires the use of a plugin, say Adobe Flash, if the version running in the user's browser is on the list of known vulnerable applications, Mozilla will disable it and show the user a message saying that she needs to update the plugin. " By combining the safety of the blocklist with the flexibility of click-to-play, we now have an even more effective method of dealing with vulnerable or out-of-date plugins. " Mozilla wrote on blog. Mozilla is still working on implementing the controls, which would allow you to block all plugins by default and then pick where you want them to run. As already mentioned, this feature will be enabled by ...