Cyber Analysis Group - CyberAGroup - OSINT Darkweb Investigations  - Insider Threat - Crypto - Online threat & exposure - SOCMINT - Canadian

‹ Back

An exploit has been confirmed to leverage a zero-day vulnerability that works on the latest version of Adobe Reader without requiring any user interaction beyond opening a PDF file. Check out the exceptional work of Haifei Li (https://www.linkedin.com/in/haifeili/) in finding the vulnerability, which has been out there since November. Li notes the threat actors were not just collecting local information but delivering additional exploits.

Another reason we use GetSafeDocs.com to send and receive all our documents. As the exploit is JavaScript-based, it (and any similar still-undiscovered exploits) is flagged as a "high risk of exploit" for any incoming or outgoing PDFs in GetSafeDocs. For good measure, GetSafeDocs has now added a YARA rule for the obfuscation. While we use GetSafeDocs for its other great features: encryption, document control, and tracking, the built-in automated malware detection is a huge bonus.

 

Here's what it looks like in GetSafeDocs:

 

 

Tip - even if you don't send or receive your document using GetSafeDocs, with a free account, you can still use it just to scan a doc and see if it could be a malware carrier - something anti-virus software doesn't do. GetSafeDocs will catch this kind of exploit when anti-virus programs miss it until they have a signature. Undetected for months, even after it was discovered, only five out of 64 security vendors flagged the exploit as malicious.