#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Polyglot | Breaking Cybersecurity News | The Hacker News

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus
Sep 04, 2023 Cyber Threat / Malware
Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed  MalDoc in PDF  by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. "A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF," researchers Yuma Masubuchi and Kota Kino  said . "If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors." Such specially crafted files are called  polyglots  as they are a legitimate form of multiple different file types, in this case, both PDF and Word (DOC). This entails adding an MHT file created in Word and with a macro attached after the PDF file object. The end result is a valid PDF file that can also be opened in the Word application. Put differently; the PDF document embeds within itself a Word document with a VB

Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar

Cybercriminals Using Polyglot Files in Malware Distribution to Fly Under the Radar
Jan 13, 2023 Cyber Threat / Malware Detection
Remote access trojans such as StrRAT and Ratty are being distributed as a combination of polyglot and malicious Java archive ( JAR ) files, once again highlighting how threat actors are continuously finding new ways to fly under the radar. "Attackers now use the polyglot technique to confuse security solutions that don't properly validate the JAR file format," Deep Instinct security researcher Simon Kenin  said  in a report. Polyglot files  are files that combine syntax from two or more different formats in a manner such that each format can be parsed without raising any error. One such 2022 campaign spotted by the cybersecurity firm involves the use of JAR and MSI formats – i.e., a file that's valid both as a JAR and an MSI installer – to deploy the StrRAT payload. This also means that the file can be executed by both Windows and Java Runtime Environment (JRE) based on how it's interpreted. Another instance involves the use of CAB and JAR polyglots to deli

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl

How to Accelerate Vendor Risk Assessments in the Age of SaaS Sprawl
Mar 21, 2024SaaS Security / Endpoint Security
In today's digital-first business environment dominated by SaaS applications, organizations increasingly depend on third-party vendors for essential cloud services and software solutions. As more vendors and services are added to the mix, the complexity and potential vulnerabilities within the  SaaS supply chain  snowball quickly. That's why effective vendor risk management (VRM) is a critical strategy in identifying, assessing, and mitigating risks to protect organizational assets and data integrity. Meanwhile, common approaches to vendor risk assessments are too slow and static for the modern world of SaaS. Most organizations have simply adapted their legacy evaluation techniques for on-premise software to apply to SaaS providers. This not only creates massive bottlenecks, but also causes organizations to inadvertently accept far too much risk. To effectively adapt to the realities of modern work, two major aspects need to change: the timeline of initial assessment must shorte
Cybersecurity Resources