PDF

(get it in RSS or Atom)

May Patch Tuesday critical for users of Internet Explorer and web-based services

Patch Tuesday

Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.

Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.

PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again

PWN2OWN 2013 finished off today.

A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...

That was quick! Adobe's emergency patch for Reader and Acrobat is here...

adobe-reader-250

Adobe has released the emergency update for Reader and Acrobat that it promised late last week.

You may as well take advantage of Adobe's new-found velocity and get busy patching!

Fake Apple invoices lead to Blackhole exploit kit that drains your bank account

Fake Apple invoices lead to Black Hole that drains your bank account

A new round of spams proclaims you have been charged for a large purchase from Apple.

All links lead to webpages infected with the Blackhole exploit kit. Be cautious with your online shopping this holiday season.

Blackhole exploit kit confusion. Custom builds or copycats?

Blackhole exploit kit confusion. Custom builds or copycats?

Are some of the different variants of Blackhole exploit kit that SophosLabs are seeing actually new versions of this popular Exploit kit? Or simply copycats created by other groups?

Adobe Reader zero-day exploit thwarts sandboxing

Adobe Reader zero-day exploit thwarts sandboxing

The vulnerability is selling for up to $50K on the black market, security researchers say, and has been included in a package of banking Trojans called the Blackhole Exploit Kit, which is the most prevalent exploit kit out there.

MediaFire restores virus researcher’s account, questions copyright troll and DMCA claim

megaphone_250: MediaFire Restores Virus Researcher’s Account, Questions Copyright Troll and DMCA Claim

Cloud-based storage firm MediaFire restored account access to a virus researcher who was suspended after a mysterious firm claimed virus samples she posted on the service violated copyright protections.

Cloud storage firm flags malware as "Copyrighted Material," boots security researcher

Cloud storage firm flags malware as "Copyrighted Material," boots security researcher

A malware researcher finds herself in company with First Lady Michelle Obama and science fiction author Neil Gaiman: booted from the web by hard-headed copyright protection algorithms.

How PDFs can infect your computer via Adobe Reader vulnerabilities [VIDEO]

Adobe Reader vulnerability. How PDFs can infect your computer [VIDEO]

Adobe PDF vulnerability exploitation caught on camera.

Sophos security expert Chet WIsniewski demonstrates how malicious PDFs can infect your computer.

Encoding malicious PDFs as XDP files to bypass anti-virus? No need to panic

Encoding malicious PDFs as XDP files to bypass anti-virus? No need to panic

GovCertUK, the UK Government's Computer Emergency Response Team, had issued an alert warning that attackers could bypass gateway anti-virus software to infect organisations, by encoding malicious PDF files into the XDP format.

PDF malware adopts another obfuscation trick in attempt to avoid detection

PDF malware adopts another obfuscation trick in attempt to avoid detection

SophosLabs researcher Paul Baccas takes a close look at a way in which malware authors attempt to disguise their attacks inside boobytrapped PDF files.

Why is a 14-month-old patched Microsoft vulnerability still being exploited?

no-brainer

While the media just looove zero-day exploits, the security industry sees a lot more exploits designed to take advantage of patched vulnerabilities. Question is why don't many of us get around to installing the patches?

How NOT to redact a PDF - Military radar secrets spilled

How NOT to redact a PDF - Air defence radar secrets spilled

The UK Ministry of Defence has been caught out again by a schoolboy error - not knowing how to properly redact a PDF.

As we've explained before, if you're an organisation that is making public an internal document, you best make sure that you have deleted or blacked out any personal, confidential or actionable information.

Mac OS X Trojan hides behind malicious PDF disguise

Mac OS X Trojan hides behind malicious PDF disguise

A fascinating new example of Mac malware has been discovered, that appears to be adopting an old Windows-style disguise to fool users into running it.

It's disguise? A controversial political dispute between China and Japan.

TWiT.tv - malware infects Leo Laporte's website

twit-thumb

The website run by internet celebrity Leo Laporte, TWiT.tv, has been hit by a malware infection intended to infect visiting computers.

Internet Explorer users have low IQ? Media hoaxed by bogus research

Internet Explorer users have low IQ? Media hoaxed by bogus research

Media organisations are duped by false research claiming that Internet Explorer users are dumb.

How NOT to redact a PDF - Nuclear submarine secrets spilled

How NOT to redact a PDF - Nuclear submarine secrets spilled

A silly error leaves egg on the face of the British military - but have you learnt the lessons of how to properly redact a PDF?

Who ordered spam? New trick in PDF malware uncovered

Who ordered spam? New trick in PDF malware uncovered

SophosLabs researcher Paul Baccas takes a close look at a PDF malware campaign.

Malicious PDF attack spammed out from compromised VioVet email system

Malicious PDF spammed out from compromised VioVet email system

If you're a customer of VioVet, the UK pet supplies and medications website, then be very careful opening your email this morning.

Customers have received an email purporting to contain a £50 gift certificate from the firm - but they're really being pointed to malware.

Adobe Reader X stops malicious PDF spam campaign dead in its tracks

adobe-reader-x-thumb

A new malicious spam campaign underlines the security benefits of upgrading to the latest version of Adobe Reader X.

SophosLabs researcher Paul Baccas takes a closer look.