Good news ! Hackbusters community is waiting for you !  https://discuss.hackbusters.com
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at: https://discuss.hackbusters.com.

Adobe Reader Zero-Day Micropatch Stops Malicious PDFs from Calling Home

Adobe-logo

A micropatch is now availablefor a zero-day vulnerability in Adobe Reader which would allow maliciously crafted PDF documents to call home and send over the victim's NTLM hash to remote attackers in the form of an SMB request.

The vulnerability was first disclosed by security researcherAlex Inführ on his blog, where a full analysis of the security issue and a proof-of-concept were published before Adobe managed to push out a security fix for the issue.

Applying the micropatch delivered through the0patchplatform will not require a system restart or relaunching a program, with theeffect being immediate because it is an in-memory fix for running processes.

According toMitja Kolsek, CEO ofACROS Security, the company behind 0patch:

This vulnerability, similar to CVE-2018-4993, the so-called Bad-PDF reported by CheckPoint in April last year, allows a remote attacker to steal user's NTLM hash included in the SMB request. It also allows a document to "phone home", i.e., to let the...(continued)

View All Trending Stories