The Hacker News - Cybersecurity News and Analysis: Search results for PDF

Researchers Find New Hack to Read Content Of Password Protected PDF Files

October 01, 2019 - Mohit Kumar
Looking for ways to unlock and read the content of an encrypted PDF without knowing the password? Well, that's now possible, sort of—thanks to a novel set of attack techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but only under some specific circumstances. Dubbed PDFex, the new set of techniques includes two classes of attacks that take advantage of security weaknesses in the standard encryption protection built into the Portable Document Format, better known as PDF. Note that the PDFex attacks don't allow an attacker to learn or remove the password for an encrypted PDF; instead, they enable attackers to remotely exfiltrate content once a legitimate user opens that document. In other words, PDFex allows attackers to modify a protected PDF document, without having the corresponding password, in a way that when opened by someone with the right password, the file will automatically send out a copy of the decry
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

February 23, 2021 - Ravie Lakshmanan
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the "enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant." The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular — found vulnerable to shadow attacks. To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that's expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed. "The signers of the PDF receive the document, review it, and s
Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents

May 29, 2021 - Ravie Lakshmanan
Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certified content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels," said researchers from Ruhr-University Bochum, who have systematically analyzed the security of the PDF specification over the years. The findings were presented at the 42nd IEEE Symposium on Security and Privacy (IEEE S&P 2021) held this week. The two attacks — dubbed Evil Annotation and Sneaky Signature attacks — hinge on manipulating the PDF certification process by exploiting flaws in the specification that governs the implementation of digital signatures (aka approval signature) and its more flexible variant called certifica
#OpGoogle - Operation Google started by Anonymous Hackers!

March 06, 2011 - Mohit Kumar
#OPGoogle (Operation Google): Mar 6 at 18:00 GMT+1. IRC CHAN: #oPGoogle. GUIDES: https://bit.ly/gFFTM5. The complete press release as shown below: #OpGoogle INDEX #1. English - done #2. Spanish - done #3. German - not yet, translators needed. #4. French - done #1 English Phase 1 - Spread & Infect We need to attract support, this is a very mandatory step to get strength against Google. Must use Facebook, Twitter and any social network you use. Twitter of the op is https://twitter.com/opdogfight Follow and retweet. Any other ways of spreading are also welcome, like 4chan, youtube, and so on. Phase 2 - Faxstorming campaign Step #1 Create an account in https://mailinator.com/index.jsp (ie sample@mailinator.com) Put in "Check your Inbox!" Step #2 Hide yourself behind a proxy (ie https://blackproxy.pl https://nntime.com/proxy-country/ https://www.samair.ru/proxy/type-01.htm
Origami 1.0 released - PDF manipulation framework!

May 26, 2011 - Mohit Kumar
Origami is a framework for PDF document manipulation written in pure Ruby. It can be used to analyze or create malicious PDF documents. Being written in Ruby, the core engine of Origami is totally scriptable and can be used for automated tasks on large sets of documents. A GTK graphical interface is also available for manually browsing through the inner objects of a PDF document. The philosophy behind Origami is the following: Support for both reading and writing to PDF documents. Origami is able to create documents from scratch, read existing documents and modify them. Each new feature added must be compatible with reading and writing. Handling a large subset of the PDF specification. Origami focuses on features from the PDF specification which can be used to obfuscate documents or provide offensive capabilities. Being flexible and extensible. Origami can be used in many ways, even if you are new to the Ruby language. Origami supports many advanced features of the PDF specific
Microsoft Releases 9 Security Updates to Patch 34 Vulnerabilities

August 10, 2016 - Mohit Kumar
In Brief: Microsoft's August Patch Tuesday offers nine security bulletins with five rated critical, resolving 34 security vulnerabilities in Internet Explorer (IE), Edge, and Office, as well as some serious high-profile security issues with Windows. A security bulletin, MS16-102, patches a single vulnerability (CVE-2016-3319) that could allow an attacker to control your computer just by getting you to view specially-crafted PDF content in your web browser. Users of Microsoft Edge on Windows 10 systems are at a significant risk for remote code execution (RCE) attacks through a malicious PDF file.

Web Page with PDF Can Hack Your Windows Computer

Since Edge automatically renders PDF content when the browser is set as a default browser, this vulnerability only affects Windows 10 users with Microsoft Edge set as the default browser, as the exploit would execute simply by viewing a PDF online. Web browsers for all other affected operating systems do not automatically
Two Zero-Day Exploits Found After Someone Uploaded 'Unarmed' PoC to VirusTotal

July 02, 2018 - Swati Khandelwal
Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and were patched before being used in the wild. In late March, researchers at ESET found a malicious PDF file on VirusTotal, which they shared with the security team at Microsoft "as a potential exploit for an unknown Windows kernel vulnerability." After analyzing the malicious PDF file, the Microsoft team found that the same file includes two different zero-day exploits—one for Adobe Acrobat and Reader, and the other targeting Microsoft Windows. Since the patches for both the vulnerabilities were released in the second week of May, Microsoft released details of both the vulnerabilities today, after giving users enough time to update their vulnerable operating systems and Adobe software. According to the researchers, the malicious PDF including both the zero-days e
Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

August 22, 2018 - Mohit Kumar
A Google Project Zero security researcher has discovered a critical remote code execution (RCE) vulnerability in Ghostscript—an open source interpreter for Adobe Systems' PostScript and PDF page description languages. Written entirely in C, Ghostscript is a package of software that runs on different platforms, including Windows, macOS, and a wide variety of Unix systems, offering software the ability to convert PostScript language files (or EPS) to many raster formats, such as PDF, XPS, PCL or PXL. A lot of popular PDF and image editing software, including ImageMagick and GIMP, use the Ghostscript library to parse the content and convert file formats. The Ghostscript suite includes a built-in -dSAFER sandbox protection option that handles untrusted documents, preventing unsafe or malicious PostScript operations from being executed. However, Google Project Zero team researcher Tavis Ormandy discovered that Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities,
Department of Homeland Security (DHS) Emails leaked by #Antisec Anonymous

July 29, 2011 - Mohit Kumar
An Anonymous member, @AnonWorldUnite, today leaked the DHS emails on the internet. He tweeted "A Wild Leak Has Appeared! : https://wp.me/p1JyTn-f #AntiSec #AnonOps #Leak #LulzSec #Anonymous https://wp.me/p1JyTn-f" The link given in the Twitter post is a link to a WordPress blog. The blog post said: "You Asked – And You Shall Receive #DHS Emails – *all emails and files were obtained legally. - https://www.mediafire.com/?zidv26ppown4u0s <3" The article shows a Mediafire download link with a PDF file, ogc ap redacted foia process 301 350.pdf (8.04 MB), in which the e-mails are contained. UPDATE: Since Anonymous said that they got this file in a legal way, we tried to find out and found that this PDF is available on the DHS site at https://www.dhs.gov/xlibrary/assets/foia/ogc_ap_redacted_foia_process_301-350.pdf and https://www.dhs.gov/xlibrary/assets/foia/ogc_ap_redacted_foia_process_651-700.pdf Eas
Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader

August 17, 2017 - Wang Wei
Are you using Foxit PDF Reader? If yes, then you need to watch your back. Security researchers have discovered two critical zero-day security vulnerabilities in Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if not configured to open files in the Safe Reading Mode. The first vulnerability (CVE-2017-10951) is a command injection bug discovered by researcher Ariele Caltabiano working with Trend Micro's Zero Day Initiative (ZDI), while the second bug (CVE-2017-10952) is a file write issue found by Offensive Security researcher Steven Seeley. An attacker can exploit these bugs by sending a specially crafted PDF file to a Foxit user and enticing them to open it. Foxit refused to patch both the vulnerabilities because they would not work with the "safe reading mode" feature that fortunately comes enabled by default in Foxit Reader. "Foxit Reader & PhantomPDF has a Safe Reading Mode which is enabled by d
Adobe Reader PDF-tracking vulnerability reveals when and where PDF is opened

April 29, 2013 - Mohit Kumar
McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened. The issue emerges when some users launch a link to another file path, which calls on a JavaScript application programming interface (API), while Reader alerts a user when they are going to call on a resource from another place. The issue is not a serious problem and does not allow for remote code execution, but McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2. "We have detected some PDF samples in the wild that are exploiting this issue. Our investigation shows that the samples were made and delivered by an 'email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks," wrote McAfee's Haifei Li. McAfee declined to reveal the details of the vulnerability as Adobe i
New Adobe Reader Zero-Day Vulnerability spotted in the wild

February 13, 2013 - Wang Wei
FireEye researchers recently came across a zero-day security flaw in Adobe Reader that's being actively exploited in the wild. The zero-day vulnerability is in Adobe PDF Reader 9.5.3, 10.1.5, 11.0.1 and earlier versions. According to researchers, once malware takes advantage of the flaw, its payload drops two dynamic-link libraries, or DLLs, which are application extensions used by executable files to perform a task. In this case, they allow the infected computer to communicate with a hacker-owned server. No additional details about the zero-day vulnerabilities have been publicly released, but researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox. "We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files," said the FireEye team. But until the vulnerability gets patched,
Trojan & Botnet Activities Increased in February-March!

March 05, 2011 - Mohit Kumar
Trojans were the most prolific malware threat in February-March, and collaboration seems to be the name of the game in malware development and distribution. Trojan-based attacks continue to be the biggest malware threat in February, but PDF exploits aren't far behind, according to several security reports. About 1 in 290 e-mails in February were malicious, making the month one of the most prolific periods for the threats, according to Symantec's February 2011 MessageLabs Intelligence Report. The global ratio of spam in e-mail traffic was 81.3 percent, an increase of 2.7 percent since January, the report found. The recent decline in spam appears to have reversed for the time being, according to the report. There was a lot of botnet activity in February, and the perpetrators appeared to be working together to some extent to distribute Trojans, according to Symantec. There were signs of integration across Zeus, Bredolab and SpyEye, as techniques associated with one malware family w
Foxit PDF Software Company Suffers Data Breach—Asks Users to Reset Password

August 30, 2019 - Swati Khandelwal
If you have an online account with Foxit Software, you need to reset your account password immediately—as an unknown attacker has compromised your personal data and log-in credentials. Foxit Software, a company known for its popular lightweight Foxit PDF Reader and PhantomPDF applications being used by over 525 million users, today announced a data breach exposing the personal information of 'My Account' service users. Though using free versions of any Foxit PDF software doesn't require users to sign up with an account, the membership is mandatory for customers who want to access "software trial downloads, order histories, product registration information, and troubleshooting and support information." According to a blog post published today by Foxit, unknown third-parties gained unauthorized access to its data systems recently and accessed its "My Account" registered users' data, including their email addresses, passwords, users' n
Update Adobe Reader app for Android to Patch Remote Code Execution Vulnerability

April 15, 2014 - Wang Wei
If you're one of the 400 million Android users out there who have installed the Adobe Reader app that helps you to view PDF documents on mobile devices, then you should immediately update your app from Google Play Store. Adobe has released an updated Adobe Reader 11.2.0 version to address an important vulnerability that could be exploited to gain 'remote code execution' ability on the affected system. According to the Adobe advisory, the vulnerability (CVE-2014-0514) resides in the implementation of JavaScript APIs on Adobe Reader 11.2 that could be exploited to execute arbitrary code within Adobe Reader. Security researcher Yorick Koster of Securify BV, who discovered the vulnerability, claimed that an attacker can create a specially crafted PDF file containing malicious JavaScript code that triggers when the victim tries to open it using the affected Adobe Reader for the Android operating system. Multiple attack vectors are available to deploy a malicio
CryptoLocker Ransomware demands $300 or Two Bitcoins to decrypt your files

October 13, 2013 - Wang Wei
If you're a daily computer user, you're likely aware of all the threats you face every day online in the form of viruses and malware. CryptoLocker, a new ransomware malware, began making the rounds several months ago. This ransomware is particularly nasty because infected users are in danger of losing their personal files forever. Ransomware is designed to extort money from computer users by holding computer files hostage until the computer user pays a ransom fee to get them back. The Cryptolocker hijacker sniffs out your personal files and wraps them with strong encryption before it demands money. Cryptolocker is spread through malicious hyperlinks shared via social media and spam emails, like fake UPS tracking notification emails. The original demanded payments of $100 to decrypt files, but the new and improved version demands $300 from victims. Apparently, the encryption is created using a unique RSA-2048 public key. The decryption key is located o
MyAgent Trojan Targets Defense and Aerospace Industries

August 16, 2012 - Mohit Kumar
FireEye Security experts are analyzing a targeted trojan that leverages emailed PDF files to gain access to systems and deliver its payload to specified networks in the aerospace, chemical, defense and tech industries. "We have seen different versions of this malware arriving as an exe inside a zipped file or as a PDF attachment. In this particular sample, the exe once executed opens up a PDF file called 'Health Insurance and Welfare Policy.' In addition to opening up a PDF file, the initial exe also drops another executable called ABODE32.exe (notice the typo) in the temp directory." The malware also uses JavaScript to assess which version of Adobe Reader is currently running on the host machine, and then executes attacks based on known vulnerabilities in the discovered version. Once the trojan has infected its host machine, it communicates with its command and control server, the user agent string and URI of which are hard-coded into MyAgent's binary. FireEye