Adobe Archives | Page 4 Of 5 | Gregory D. Evans | Worlds No. 1 Security Consultant

Posts Tagged ‘Adobe’

Adobe Reader zero-day patch due today

Adobe is set to release a patch today for an older version of the Reader PDF viewer to stymie attacks like those aimed at major defence contractors earlier this month.

Nine days ago, the company confirmed a critical bug in Reader and promised to fix the flaw in Reader and Acrobat 9.x this week.

The exploits uncovered by security researchers were aimed specifically at Reader 9.x using malformed PDF documents attached to bogus emails.

A day after Adobe acknowledged the vulnerability, researchers at Symantec confirmed that attacks had targeted defence contractors, as well as individuals working in the telecommunications, manufacturing, computer hardware and chemical sectors. The attacks spiked on 1 December, Symantec said.

The attackers may have been hoping to steal confidential information from the targeted firms.

If opened by the recipient, the malicious PDF hijacked the Windows PC, then infected those machines with “Sykipot,” a general-purpose backdoor Trojan that was first spotted being used in March 2010 as the payload in attacks exploiting a then-unpatched bug in Microsoft’s IE6 and IE7.

Later research by Symantec and others found hints of Chinese involvement: Code remnants were in the Simplified Chinese character set, and the malware’s command-and-control server was traced to a Chinese IP address.

But unlike Symantec, independent security researcher Brandon Dixon didn’t think a national government or other well-funded organisation was behind the Sykipot attacks that exploited the Reader flaw.

“The tool used to create this malicious PDF document has little modularity or sophistication. For this reason alone I have a hard time believing this attack was created by a nation-state government,” Dixon said in a blog post last weekend, one of three in which he analysed the threat.

“Instead, I think this was done by a small group of people whose motivation would be to support their government and send data back to them. This sort of behaviour fits the Chinese hacker model and gives a bit more value to the traits identified within the document and dropper.”

Adobe today again told users — as it did last week — that it will not deliver patches for Reader and Acrobat 10 on Windows, or for any version of those applications on Mac OS X and Unix, until January 10, 2012.

It has justified the delay by pointing out that Reader 10 includes an anti-exploit “sandbox” which blocks the in-circulation exploit, and that it has seen no sign of attacks targeting Mac or Linux machines.

The patched versions of Reader and Acrobat 9.x will be available tomorrow from Adobe’s website. Alternatively, users will be able to run the programs’ integrated update tool or wait for the software to prompt them that a new version is available.

Adobe has not disclosed what time it will issue the Reader and Acrobat 9.x updates.

Friday’s fix will be the sixth security update for Reader this year.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1b011bde/l/0Lnews0Btechworld0N0Csecurity0C33256630Cadobe0Ereader0Ezero0Eday0Epatch0Edue0Etoday0C0Dolo0Frss/story01.htm

View full post on National Cyber Security » Computer Hacking

Adobe patches two vulnerabilities in Reader and Acrobat



Adobe releases out-of-band patch for Adobe Reader and Acrobat 9.x in order to address actively exploited vulnerabilities

Adobe Systems has released Adobe Reader and Acrobat 9.4.7 in order to patch two vulnerabilities that are being actively exploited in attacks against companies from the defense industry.

One of the security flaws, identified as CVE-2011-2462, was announced on Dec. 6 after Lockheed Martin’s Computer Incident Response Team and members of the Defense Security Information Exchange reported it to Adobe.

Symantec confirmed a few days later that the vulnerability had been exploited since the beginning of November in email-based attacks that targeted companies from the telecommunications, manufacturing, computer hardware, chemical and defense industries.

Since the original advisory was published last week, Adobe has learned of a second vulnerability that was also being exploited in the wild. The company assigned an identifier of CVE-2011-4369 to the new flaw, but it’s not clear if it’s related to the same attacks as the first one.

“The Adobe Reader and Acrobat team was able to provide a fix for this new issue as part of today’s update. Note also that at this time, we are only aware of one instance of CVE-2011-4369 being used,” said Wiebke Lips, Adobe’s senior manager of corporate communications.

Even though the vulnerabilities also affect the Adobe Reader and Acrobat X (10.x) branch, Adobe decided to postpone updates for these versions until the next scheduled update cycle on Jan. 10.

“Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of the type currently targeting these vulnerabilities (CVE-2011-2462 and CVE-2011-4369) from executing, we are planning to address these issues in Adobe Reader and Acrobat X for Windows with the next quarterly security update,” the company said in a security bulletin published today.

Updates for Adobe Reader 9.x for Unix will also be released on Jan. 10, because the attacks are not considered an immediate threat to Unix users. Users of the Windows 9.x versions are strongly encouraged to upgrade to Adobe Reader and Acrobat 9.4.7 in order to protect their computers.

Article source: http://www.infoworld.com/d/security/adobe-patches-two-vulnerabilities-in-reader-and-acrobat-181983?source=rss_security

(1) HIGH: Adobe Reader Unspecified Vulnerability

Category: Widely Deployed Software

Affected:

  • Adobe Reader X (10.1.1) and earlier
  • Adobe Reader 9.4.6 and earlier

View full post on @RISK: The Consensus Security Alert

Adobe InDesign, Reader & X Suite Advanced Malware Attacks

Fake emails used in December 6 and December 7 attacks attempt to trick Adobe users into opening malware-laden attachments. According to two separate Sophos reports, attackers sent one email to Adobe InDesign users, and another email to Adobe Reader and X Suite users. Both emails contain attachments claiming to be part of a critical “Adobe update,” but contain malware instead. However, Adobe does not issue updates via email, and never has, according to the Adobe Online Piracy page. Following are some facts about the attacks, facts about the fake emails, and other important information.

Who did the Adobe malware attacks target?

The attacks contain similar wording, similar malware, and come only a day apart. The first attack was an email aimed at Adobe Reader and Adobe X Suite Advanced users. According to the first Sophos report, it contains the Trojan known as, “Troj/BredoZp-GY.” The second attack was an email aimed at Adobe InDesign users, and it contains the Trojan known as, “Troj~Bredo-MY,” according to the second Sophos report.

What did the fake Adobe Reader and X Suite Advanced emails say?

According to the first Sophos report, the emails to Reader and X Suite Advanced users claimed to be from Adobe Systems Incorporated, and claimed to contain a new version or a critical upgrade to an existing version located in the attached file. However, the notification reference numbers, exact message wording, and the last word in the attached file names are different in each email. The attachment file name reads, “AdobeSystems-Software_Critica Update Dec_2011,” and then a random word or number comes after it, and then the ZIP file extension (.zip) is added. In reality, this attachment contains an executable program file that Sophos determined to be a malware program with the same name, but swapping the “.zip” file extension for the “.exe” file extension.

What did the fake Adobe InDesign emails say?

According to the second Sophos report, the emails to Adobe InDesign users claimed to contain an updated license key to the Adobe InDesign Creative Suite 4 (CS4) program. Each email contains an attachment that Sophos determined to be malware-laden. The attachment is labeled, “License_key_ID,” contains a random number, and the ZIP file extension (.zip). The subject line stays the same with each of the emails and reads, “InDesign CS4 License Key,” while claiming to be from, “Adobe Systems Incorporated,” just as the Reader and X Suite Advanced attack emails do.

How dangerous is the malware contained in the emails?

According to Sophos, both Trojans create fake Windows registry keys, and create files within the “svchost.exe” process, which is necessary for any Windows-based computer to operate normally. The Trojans were also identified as variants of the Zeus Trojan, so they are quite dangerous. According to PC World, Zeus, detected in 2006, allowed 60 of its creators to get away with stealing more than $200 million by the time they were charged with numerous crimes in 2010.

What else should users know about the attacks?

While most Adobe users know Adobe does not issue updates via email, some are fooled because the emails look official. Nevertheless, on its Online Piracy page Adobe states that anyone receiving an email claiming to be from Adobe and asking for personal information should report that email as fraud. Otherwise, if a computer is infected, using an already installed and up-to-date security program that can remove the Zeus Trojan should work to remove these variants.

Jessica (JC) Torpey is a self-taught computer technician with more than 10 years’ experience in the field. JC’s passion is studying the various political and business aspects of the technology industry. Combining that knowledge with her love of computers, JC uses it to influence her writing.

Article source: http://news.yahoo.com/adobe-indesign-reader-x-suite-advanced-malware-attacks-204300554.html

Symantec confirms Adobe Reader exploits targeted defence companies

Security researchers at Symantec today confirmed that exploits of an unpatched Adobe Reader vulnerability targeted defense contractors, among other businesses.

“We’ve seen [this targeting] people at telecommunications, manufacturing, computer hardware and chemical companies, as well as those in the defense sector,” said Joshua Talbot, senior security manager in Symantec’s security response group, in an interview Wednesday.

Symantec mined its global network of honeypots and security detectors — and located email messages with attached malicious PDF documents — to come to that conclusion.

The inclusion of defense contractors was not unexpected.

Yesterday, when Adobe warned Reader and Acrobat users that hackers were exploiting a “zero-day” bug on Windows PCs, it credited Lockheed Martin’s security response team and the Defense Security Information Exchange (DSIE), a group of major defense contractors that share information about computer attacks, with reporting the vulnerability.

The DSIE is composed of companies that are also part of what the federal government calls the “Defense Industrial Base,” or DIB. Among the DIB’s members are some of the country’s largest defense contractors, including Boeing, General Dynamics, Lockheed Martin, Northrop Grumman, Pratt & Whitney and Raytheon.

Symantec found attack emails dated 1 November and 5 November, 2011.

It also published an image of a redacted email of the attack’s bait — the promise of a 2012 guide to policies on new contract awards — that it said was a sample of the pitches that tried to dupe recipients into opening the attached PDF document.

The message’s subject heading read, “FY12 XXXXX Contract Guide,” and the body simply stated, “FY12 XXXXX contract guide is now available for all contractors of XXXXX. The new guide contains update information of XXXXX policy on contract award process.”

Opening the attached attack PDF also executed the malicious code — likely malformed 3-D graphics data — hidden in the PDF, compromising the targeted PC and letting the attacker infect the machine with malware.

That malware, Talbot said, was identical to what was used in early 2010 by hackers exploiting a then-unpatched bug in Microsoft’s Internet Explorer 6 (IE6) and IE7.

Symantec labeled the malware “Sykipot” last year.

“It’s not overly sophisticated,” said Talbot. “It’s a general-purpose backdoor. One of the interesting things about it is that it does use a form of encryption of the stolen information, which helps the attack hide what information is stolen.”

Sykipot encrypts the pilfered data after it has been retrieved from the victimised firm but while it is still stored on the company’s network, as well as when it’s transmitted to a hacker-controlled server.

Those command-and-control (C&C) servers are still operating, Talbot said.

Because of the similarities — using Sykipot, which isn’t widely in play, and exploiting zero-day vulnerabilities — Symantec suspects that the same group of hackers who launched the attacks against IE6 and IE7 last year were also responsible for the Reader-based attacks seen last month.

Microsoft patched the IE6 and IE7 vulnerability on 30 March, 2010, in an emergency, or “out-of-band,” update.

Although Symantec found evidence of only the early-November attacks, Talbot said he wouldn’t be surprised if the criminals fired off another information-stealing campaign between now and next week, when Adobe promised to patch the bug in Reader and Acrobat 9.x on Windows, the versions that have been exploited in the wild.

Talbot declined to specify the geographic location of the Sykipot C&C servers, or speculate on the origin of the Reader exploits.

Adobe will patch the Windows versions of Reader and Acrobat 9.x by the end of next week, and has promised to deliver fixes to Reader and Acrobat 9.x to Mac and Unix users, and to Reader and Acrobat 10.x for all platforms, next month.

Symantec has shipped detection signatures for the rogue PDFs to its customers, said Talbot.

Article source: http://rss.feedsportal.com/c/270/f/3551/s/1ac43c33/l/0Lnews0Btechworld0N0Csecurity0C33237640Csymantec0Econfirms0Eadobe0Ereader0Eexploits0Etargeted0Edefence0Ecompanies0C0Dolo0Frss/story01.htm

Beware Adobe Software Upgrade Notification – malware attached!

Cybercriminals have widely spammed out a malware attack posing as upgrades for Adobe Acrobat Reader and Adobe X Suite Advanced.

View full post on Naked Security — Sophos

Adobe SSL Certificate Problem (fixed), (Wed, Oct 5th)

Tuesday morning, we received a number of reports from readers indicating that the SSL certificate used for “settings.adobe.com” was out of date. Initially, we had a hard time reproducing the finding. But some of our handlers in Europe were able to see the expired certificate.

The expired certificate was valid from Oct 6th 2009 to Oct 6th 2010, which is somewhat unusual. Typically, we would expect a certificate that “just expired yesterday” and someone forgot to renew it. In this case, it looked more like someone installed an older certificate instead of the new one.

The correct certificate was pretty much exactly a year old and valid for another year. Everything indicated that the Adobe certificates indeed expire in the first week of October.

In the end, we narrowed the affected geography down to Europe and contacted Adobe. Adobe responded promptly and as of this evening, the problem appears to be fixed. Thanks to everybody who helped via Twitter in narrowing down the affected geography, and thanks to the readers who reported this initially.

——
Johannes B. Ullrich, Ph.D.
SANS Technology Institute

Article source: http://isc.sans.edu/diary.html?storyid=11737&rss

11.40.6 Adobe Flash Player Multiple Vulnerabilities

CVEs: CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2429, CVE-2011-2430, CVE-2011-2444

Platform: Cross Platform

View full post on @RISK: The Consensus Security Alert

(1) HIGH: Adobe Flash Player Multiple Vulnerabilities

Category: Widely Deployed Software

Affected:

  • Adobe Flash Player for Windows, Macintosh, Linux, and Solaris versions prior to 10.3.183.7
  • Adobe Flash Player for Android prior to 10.3.186.6

View full post on @RISK: The Consensus Security Alert
