#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
AI Security

Search results for PDF | Breaking Cybersecurity News | The Hacker News

Researchers Find New Hack to Read Content Of Password Protected PDF Files

Researchers Find New Hack to Read Content Of Password Protected PDF Files

Oct 01, 2019
Looking for ways to unlock and read the content of an encrypted PDF without knowing the password? Well, that's now possible, sort of—thanks to a novel set of attacking techniques that could allow attackers to access the entire content of a password-protected or encrypted PDF file, but under some specific circumstances. Dubbed PDFex , the new set of techniques includes two classes of attacks that take advantage of security weaknesses in the standard encryption protection built into the Portable Document Format, better known as PDF. To be noted, the PDFex attacks don't allow an attacker to know or remove the password for an encrypted PDF; instead, enable attackers to remotely exfiltrate content once a legitimate user opens that document. In other words, PDFex allows attackers to modify a protected PDF document, without having the corresponding password, in a way that when opened by someone with the right password, the file will automatically send out a copy of the decry
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs

Feb 23, 2021
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called " Shadow attacks " by academics from Ruhr-University Bochum, the technique uses the "enormous flexibility provided by the PDF specification so that shadow documents remain standard-compliant." The findings were presented yesterday at the Network and Distributed System Security Symposium (NDSS), with 16 of the 29 PDF viewers tested — including Adobe Acrobat, Foxit Reader, Perfect PDF, and Okular — found vulnerable to shadow attacks. To carry out the attack, a malicious actor creates a PDF document with two different contents: one which is the content that's expected by the party signing the document, and the other, a piece of hidden content that gets displayed once the PDF is signed. "The signers of the PDF receive the document, review it, and s
5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy

5 Key Questions CISOs Must Ask Themselves About Their Cybersecurity Strategy

Jul 08, 2024Cybersecurity / Enterprise Security
Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore.  Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls around, everyone wants answers: Are we safe from attacks? Are we making progress? Could happen to us? These are all fair concerns.  The question is, how do we best answer them? A company board deserves clear, concise information tied to business goals , not technical details about fixes or attack methods. A communication gap between the CISO and the board can lead to misunderstandings, increased risk, and potentially devastating cyberattacks. And this is why one of the overriding challenges for CISOs today remains: How to pr
Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

May 20, 2024 Vulnerability / Malware
Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful commands," Check Point  said  in a technical report. "This exploit has been used by multiple threat actors, from e-crime to espionage." It's worth noting that Adobe Acrobat Reader – which is more prevalent in sandboxes or antivirus solutions – is not susceptible to this specific exploit, thus contributing to the campaign's low detection rate. The issue stems from the fact that the application shows "OK" as the default selected option in a pop-up when users are asked to trust the document prior to enabling certain features to avoid potential security risks. Once a user clicks OK, they are displayed a second pop-up warning that the file is about to execute
cyber security

ITDR: Addressing the Protection Gap of the Identity Attack Surface

websiteSilverfortThreat Detection / Identity Protection
Learn how security teams evaluate and choose an Identity Threat Detection and Response (ITDR) solution to deliver real-time protection against identity threats.
Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents

Researchers Demonstrate 2 New Hacks to Modify Certified PDF Documents

May 29, 2021
Cybersecurity researchers have disclosed two new attack techniques on certified PDF documents that could potentially enable an attacker to alter a document's visible content by displaying malicious content over the certiļ¬ed content without invalidating its signature. "The attack idea exploits the flexibility of PDF certification, which allows signing or adding annotations to certified documents under different permission levels,"  said  researchers from Ruhr-University Bochum, who have  systematically   analyzed  the security of the PDF specification over the years. The findings were presented at the 42nd IEEE Symposium on Security and Privacy ( IEEE S&P 2021 ) held this week. The two attacks — dubbed  Evil Annotation and Sneaky Signature attacks  — hinge on manipulating the PDF certification process by exploiting flaws in the specification that governs the implementation of digital signatures (aka approval signature) and its more flexible variant called certifica
Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Beware of MalDoc in PDF: A New Polyglot Attack Allowing Attackers to Evade Antivirus

Sep 04, 2023 Cyber Threat / Malware
Cybersecurity researchers have called attention to a new antivirus evasion technique that involves embedding a malicious Microsoft Word file into a PDF file. The sneaky method, dubbed  MalDoc in PDF  by JPCERT/CC, is said to have been employed in an in-the-wild attack in July 2023. "A file created with MalDoc in PDF can be opened in Word even though it has magic numbers and file structure of PDF," researchers Yuma Masubuchi and Kota Kino  said . "If the file has a configured macro, by opening it in Word, VBS runs and performs malicious behaviors." Such specially crafted files are called  polyglots  as they are a legitimate form of multiple different file types, in this case, both PDF and Word (DOC). This entails adding an MHT file created in Word and with a macro attached after the PDF file object. The end result is a valid PDF file that can also be opened in the Word application. Put differently; the PDF document embeds within itself a Word document with a VB
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

May 21, 2024 Supply Chain Security / AI Model
A critical security flaw has been disclosed in the  llama_cpp_python  Python package that could be exploited by threat actors to achieve arbitrary code execution. Tracked as  CVE-2024-34359  (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx. "If exploited, it could allow attackers to execute arbitrary code on your system, compromising data and operations," security researcher Guy Nachshon  said . llama_cpp_python, a Python binding for the  llama.cpp library , is a popular package with over 3 million downloads to date, allowing developers to integrate AI models with Python.  Security researcher Patrick Peng (retr0reg) has been credited with discovering and reporting the flaw, which has been addressed in version 0.2.72. The  core issue  stems from the misuse of the Jinja2 template engine within the llama_cpp_python package, allowing for server-side template injection that leads to remote code execution by means o
Origami 1.0 released - Pdf manipulation framework !

Origami 1.0 released - Pdf manipulation framework !

May 27, 2011
Origami is a framework for PDF documents manipulation written in pure Ruby. It can be used to analyze or create malicious PDF documents. Being written in Ruby, the core engine of Origami is totally scriptable and can be used for automated tasks on large sets of documents. A GTK graphical interface is also available for manually browsing through the inner objects of a PDF document. The philosophy behind Origami is the following: Support for both reading and writing to PDF documents. Origami is able to create documents from scratch, read existing documents and modify them. Each new feature added must be compatible with reading and writing. Handling a large subset of the PDF specification. Origami focuses on features from the PDF specification which can be used to obfuscate documents or provide offensive capabilities. Being flexible and extensible. Origami can be used in many ways, even if you are new to the Ruby language. Origami supports many advanced features of the PDF specific
#OpGoogle - Operation Google started by Anonymous Hackers !

#OpGoogle - Operation Google started by Anonymous Hackers !

Mar 06, 2011
#OpGoogle - Operation Google started by Anonymous Hackers !  #OPGoogle (Operation Google) : Mar 6 At 18:00 GMT+1. IRC CHAN : #oPGoogle . GUIDES : https://bit.ly/gFFTM5 .  The complete press release as shown below : #OpGoogle INDEX #1. English - done #2. Spanish - done #3. German - not yet, translators needed. #4. French - done #1 English Phase 1 - Spread & Infect We need to attract support, this is a very mandatory step to get strenght against Google. Must use Facebook, Twitter and and any social network you use. Twitter of the op is https://twitter.com/opdogfight Follow and retweet. Any other way of spread are also welcome, like 4chan, youtube, and so on. Phase 2 - Faxstorming campaign Step #1 Create an account in https://mailinator.com/index.jsp (ie sample@mailinator.com) Put in "Check your Inbox!" Step #2 Hide you behind a proxy (ie https://blackproxy.pl https://nntime.com/proxy-country/ https://www.samair.ru/proxy/type-01.htm
Microsoft Releases 9 Security Updates to Patch 34 Vulnerabilities

Microsoft Releases 9 Security Updates to Patch 34 Vulnerabilities

Aug 10, 2016
In Brief Microsoft's August Patch Tuesday offers nine security bulletins with five rated critical, resolving 34 security vulnerabilities in Internet Explorer (IE), Edge, and Office, as well as some serious high-profile security issues with Windows. A security bulletin, MS16-102 , patches a single vulnerability (CVE-2016-3319) that could allow an attacker to control your computer just by getting you to view specially-crafted PDF content in your web browser. Users of Microsoft Edge on Windows 10 systems are at a significant risk for remote code execution (RCE) attacks through a malicious PDF file. Web Page with PDF Can Hack Your Windows Computer Since Edge automatically renders PDF content when the browser is set as a default browser, this vulnerability only affects Windows 10 users with Microsoft Edge set as the default browser, as the exploit would execute by simply by viewing a PDF online. Web browsers for all other affected operating systems do not automatically
Two Zero-Day Exploits Found After Someone Uploaded 'Unarmed' PoC to VirusTotal

Two Zero-Day Exploits Found After Someone Uploaded 'Unarmed' PoC to VirusTotal

Jul 02, 2018
Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and get patched before being used in the wild . In late March, researchers at ESET found a malicious PDF file on VirusTotal, which they shared with the security team at Microsoft "as a potential exploit for an unknown Windows kernel vulnerability." After analyzing the malicious PDF file, the Microsoft team found that the same file includes two different zero-day exploits—one for Adobe Acrobat and Reader, and the other targeting Microsoft Windows. Since the patches for both the vulnerabilities were released in the second week of May, Microsoft released details of both the vulnerabilities today, after giving users enough time to update their vulnerable operating systems and Adobe software. According to the researchers, the malicious PDF including both the zero-days e
Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

Critical Flaws in Ghostscript Could Leave Many Systems at Risk of Hacking

Aug 22, 2018
Google Project Zero's security researcher has discovered a critical remote code execution (RCE) vulnerability in Ghostscript—an open source interpreter for Adobe Systems' PostScript and PDF page description languages. Written entirely in C, Ghostscript is a package of software that runs on different platforms, including Windows, macOS, and a wide variety of Unix systems, offering software the ability to convert PostScript language files (or EPS) to many raster formats, such as PDF, XPS, PCL or PXL. A lot of popular PDF and image editing software, including ImageMagick and GIMP, use Ghostscript library to parse the content and convert file formats. Ghostscript suite includes a built-in -dSAFER sandbox protection option that handles untrusted documents, preventing unsafe or malicious PostScript operations from being executed. However, Google Project Zero team researcher Tavis Ormandy discovered that Ghostscript contains multiple -dSAFER sandbox bypass vulnerabilities,
Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

Russian COLDRIVER Hackers Expand Beyond Phishing with Custom Malware

Jan 18, 2024 Cyber Threat / Malware
The Russia-linked threat actor known as COLDRIVER has been observed evolving its tradecraft to go beyond credential harvesting to deliver its first-ever custom malware written in the Rust programming language. Google's Threat Analysis Group (TAG), which shared details of the latest activity, said the attack chains leverage PDFs as decoy documents to trigger the infection sequence. The lures are sent from impersonation accounts. COLDRIVER, also known by the names Blue Callisto, BlueCharlie (or TAG-53), Calisto (alternately spelled Callisto), Dancing Salome, Gossamer Bear, Star Blizzard (formerly SEABORGIUM), TA446, and UNC4057, is known to be active since 2019, targeting a wide range of sectors. This includes academia, defense, governmental organizations, NGOs, think tanks, political outfits, and, recently, defense-industrial targets and energy facilities. "Targets in the U.K. and U.S. appear to have been most affected by Star Blizzard activity, however activity has al
Department of Homeland Security (DHS) Emails leaked by #Antisec Anonymous

Department of Homeland Security (DHS) Emails leaked by #Antisec Anonymous

Jul 29, 2011
Department of Homeland Security (DHS) Emails leaked by #Antisec Anonymous One of the Anonymous - @AnonWorldUnite today leaked the DHS emails on internet. He tweeted " A Wild Leak Has Appeared! : https://wp.me/p1JyTn-f #AntiSec #AnonOps #Leak #LulzSec #Anonymous https://wp.me/p1JyTn-f " The link given in the Twitter post is a link to a WordPress blog . The blog post said : You Asked – And You Shall Recieve #DHS Emails – *all emails and files were obtained legally. - https://www.mediafire.com/?zidv26ppown4u0s <3″ The article shows a Mediafire link download link with a PDF file ogc ap redacted foia process 301 350.pdf (8.04 MB) , in which the e-mails are capsuled in. UPDATE: As Anonymous Said that, They got this File in Legal Way, We try to find out and Get that this PDF is available on the DHS site at  https://www.dhs.gov/xlibrary/assets/foia/ogc_ap_redacted_foia_process_301-350.pdf  and  https://www.dhs.gov/xlibrary/assets/foia/ogc_ap_redacted_foia_process_651-700.pdf Eas
Cybersecurity
Expert Insights
Cybersecurity Resources