A stealthy remote access trojan (RAT) named ‘SeroXen’ has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities. […]
Related Posts
Hackers are Selling Exploits for Foxit Read: Patch ASAP!
A threat actor has announced the sale of an exploit targeting a vulnerability in Foxit Reader, a widely used PDF viewer.
This vulnerability could potentially allow remote code execution, posing a significant risk to millions of users worldwide.
Foxit has responded by releasing updates to patch these vulnerabilities.
Users are urged to update their software immediately to protect against potential attacks.
The Vulnerability in Detail
Foxit Reader, known for its lightweight design and comprehensive feature set, has become a popular alternative to Adobe Reader. However, its widespread use also makes it a target for cybercriminals.
The vulnerability in question affects Foxit PDF Reader 12.0.2 and earlier versions on Windows, as well as Foxit PDF Editor (previously named Foxit PhantomPDF) versions 12.0.2.12465 and earlier, including all previous 12.x and 11.x versions, and 10.1.9.37808 and earlier.
On the macOS platform, affected software includes Foxit PDF Editor for Mac 12.0.1.0720, 12.0.0.0601, 11.1.3.0920, and earlier, as well as Foxit PDF Reader for Mac 12.0.1.0720 and earlier versions.
The Threat Actor’s Announcement
An unidentified threat actor has put the exploit up for sale. It reportedly allows for remote code execution by exploiting a vulnerability in Foxit Reader.
According to the announcement, the exploit operates by running a malicious build when a specially crafted PDF file is opened and reloaded in the official Reader, potentially allowing attackers to take control of affected systems.
In response to the threat, Foxit has released updates for its PDF software on both Windows and macOS platforms.
The updates, Foxit PDF Editor for Mac 12.0.2 and Foxit PDF Reader for Mac 12.0.2, along with Foxit PDF Reader 12.1 and Foxit PDF Editor 12.1 for Windows, address the security and stability issues identified.
Affected Versions and Updates
| Product | Affected Versions | Platform |
| --- | --- | --- |
| Foxit PDF Editor for Mac (previously PhantomPDF) | 12.0.1.0720, 12.0.0.0601, 11.1.3.0920 and earlier | macOS |
| Foxit PDF Reader for Mac (previously Reader) | 12.0.1.0720 and earlier | macOS |
| Foxit PDF Reader | 12.0.2.12465 and earlier | Windows |
| Foxit PDF Editor (previously PhantomPDF) | 12.0.2.12465 and all previous 12.x versions, 11.2.3.53593 and all previous 11.x versions, 10.1.9.37808 and earlier | Windows |
Urgent Call to Action
Users of Foxit Reader and Foxit PDF Editor on both Windows and macOS platforms are strongly advised to update their software to the latest versions immediately.
Doing so will patch the vulnerabilities and protect against potential exploits.
Foxit has made the updates available on its official website, ensuring users can easily access and install the necessary software to secure their systems.
The announcement of an exploit sale targeting Foxit Reader underscores the importance of maintaining up-to-date software to protect against cybersecurity threats.
By promptly applying the latest patches from Foxit, users can safeguard their systems from potential remote code execution attacks.
As cyber threats evolve, staying informed and vigilant is more crucial than ever.
The post Hackers are Selling Exploits for Foxit Read: Patch ASAP! appeared first on Cyber Security News.
Cyber Security News
![WARNING: Hackers’ New Favorite Tool – Weaponized SVG Files!](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3dt0Y_zZrgtV_iPepjaeg8EaELyhwLHhytE5EN8-0XNQukdD7SZklmUQb_9cZQCVC31IQwqj4o0QrEaol0PtwV948cpzjJzvXSdwMRPoxoCHj2JfGyHAmsfAXP7LoVpBTmXI27oEaRH4mkdHOEENhx_8mpkS0dok0h05hkU44XfLHncMLMZeeP0GiCYhE/s16000/Infection%20chain%20(Source%20-%20Cofense).webp)
WARNING: Hackers’ New Favorite Tool – Weaponized SVG Files!
Threat actors use SVG files in cyber-attacks because SVGs (Scalable Vector Graphic files) can contain embedded scripts, making them a vector for executing malicious code.
SVG files can also bypass certain security measures because they blend in with legitimate web content.
Recently, cybersecurity researchers at Cofense discovered that hackers are increasingly using weaponized SVG files in cyber attacks.
Weaponized SVG Files
SVG files have become an increasingly capable vector for malware delivery. Their use surged after AutoSmuggle appeared in May 2022, a tool that makes it easier to place malicious payloads inside HTML or SVG files.
Besides this, threat actors have exploited it in two major campaigns since December 2023.
SVG files have been increasingly used for malware delivery since 2015 when they were first exploited to deliver ransomware by embedding malicious content. In 2017, SVG files downloaded Ursnif malware.
A major incident occurred in 2022 with SVG files containing embedded .zip archives that delivered QakBot malware via HTML smuggling, a new tactic different from previous external content downloads.
Recently, SVG files have been used to chain an exploit with smuggling capabilities to access Roundcube servers, as well as deliver Agent Tesla Keylogger and XWorm RAT in separate campaigns.
The versatility of SVG files across these varying tactics demonstrates their potential for malicious use.
AutoSmuggle, which debuted on GitHub in May 2022, covertly embeds executables or archives within SVG or HTML files, bypassing network defenses to deliver payloads.
This “smuggling” technique evades Secure Email Gateways (SEGs), unlike direct attachments.
Threat actors leverage this tactic to cloak malicious files as genuine HTML content, ensuring successful delivery upon victims opening the file.
Various methods exist for HTML/SVG file smuggling, with .zip archives within SVG files being prevalent in recent campaigns.
In the context of malware delivery, there are two major ways through which SVG files are used.
When an SVG file is opened in a browser, it usually leads to a download prompt irrespective of the method used.
At first, embedded URLs were exploited to deliver malware and later versions featured striking images as means of engaging users with downloaded payloads.
Both the 2015 and 2017 campaigns saw malicious content being externally sourced by SVG files instead of embedding it within themselves.
SVG files using smuggling techniques were later introduced, delivering embedded malicious files when opened.
They don’t display images; instead, they rely on the victim’s curiosity to engage with the delivered file.
Threat actors use SVG files because they’re treated with less suspicion than HTML or archives, making it easier to “smuggle” files inside them.
The campaigns utilizing SVG files to deliver Agent Tesla Keylogger and XWorm RAT had consistent infection chains involving attached SVG files that dropped embedded archives containing scripts to download and run the malware payloads.
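The traits described above (embedded scripts, and archives carried inside the SVG as text) can be checked on inbound attachments before a user opens them. The following Python triage function is an added example, not code from Cofense or the original article; the finding names, the 40-character base64 threshold and both sample files are assumptions constructed for illustration.

```python
import base64
import io
import re
import xml.etree.ElementTree as ET
import zipfile

ZIP_MAGIC = b"PK\x03\x04"                      # local file header of a .zip
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}")    # long base64-looking literal

def _local(name):
    """Strip an XML namespace: '{ns}href' -> 'href'."""
    return name.rsplit("}", 1)[-1].lower()

def scan_svg(text):
    """Return a sorted list of reasons an SVG attachment deserves quarantine."""
    if "<!ENTITY" in text.upper():
        return ["entity-declaration"]           # refuse to parse entity tricks
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["malformed-xml"]
    found = set()
    for el in root.iter():
        tag = _local(el.tag)
        if tag == "script":
            found.add("script-element")
        elif tag == "foreignobject":
            found.add("foreign-object")         # can carry arbitrary HTML
        for attr, value in el.attrib.items():
            if _local(attr).startswith("on"):
                found.add("event-handler")
            if _local(attr) == "href" and value.strip().lower().startswith("javascript:"):
                found.add("javascript-href")
    for run in B64_RUN.findall(text):
        # Embedded PNG/JPEG data will not match; only a ZIP header is flagged.
        if base64.b64decode(run[:8]).startswith(ZIP_MAGIC):
            found.add("embedded-zip")           # archive carried as text
    return sorted(found)

# Constructed samples: an inert zip holding one text file, base64-encoded
# into a script variable, and a plain drawing with no active content.
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as z:
    z.writestr("readme.txt", "constructed sample")
SUSPECT = ('<svg xmlns="http://www.w3.org/2000/svg" onload="run()"><script>'
           'var blob = "%s";</script></svg>' % base64.b64encode(_buf.getvalue()).decode())
BENIGN = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'

if __name__ == "__main__":
    print(scan_svg(SUSPECT))
    print(scan_svg(BENIGN))
```

An SVG used purely as an image rarely needs script elements or event handlers, so any finding here is a reasonable quarantine signal for mail attachments; payloads that are split or obfuscated inside the script will not match the ZIP check and still rely on the script-element finding.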
The post WARNING: Hackers’ New Favorite Tool – Weaponized SVG Files! appeared first on Cyber Security News.
Cyber Security News
Ivanti warns of critical flaws in its Avalanche MDM solution
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. […]
BleepingComputer