Adobe Acrobat

Adobe hack: 2.9 million customer data at risk

September 30th, 2013

As recently discovered by Adobe, it had suffered some sophisticated attacks on its network that lead to theft of 2.9 million customer’s personal information including payment card information and source code for multiple Adobe software products such as ColdFusion, ColdFusion Builder, Adobe Acrobat and some more.

Brad Arkin, chief security officer of Adobe said “Very recently, Adobe’s security team discovered sophisticated attacks on our network, involving the illegal access of customer information as well as source code for numerous Adobe products. We believe these attacks may be related”.

Arkin further added “Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates, and other information relating to customer orders. At this time, we do not believe the attackers removed decrypted credit or debit card numbers from our systems. We deeply regret that this incident occurred. We’re working diligently internally, as well as with external partners and law enforcement, to address the incident”.

“Over 40 Gigabytes in encrypted archives have been discovered on a hackers’ server that appear to contain source code of such products as Adobe Acrobat Reader, Adobe Acrobat Publisher, and the Adobe ColdFusion line of products. It appears that the breach of Adobe’s data occurred in early August of this year but it is possible that the breach was ongoing earlier,” Hold Security, the security firm said in a post.

Adobe’s Arkin says the company is not aware of zero-day exploits or other specific threats to its customers due to the source code theft. “However, as always, we recommend customers run only supported versions of the software, apply all available security updates, and follow the advice in the Acrobat Enterprise Toolkit and the ColdFusion Lockdown Guide. These steps are intended to help mitigate attacks targeting older, unpatched, or improperly configured deployments of Adobe products,” he says.

All the Adobe customers who were affected by this data breach incident will be informed and adviced to change their password. Company is also alerting customers whose credit and debit card information was stolen. The news which brings some relief to the company is that the financial information was encrypted.

The company is working on “federal law enforcement” which would help them in investigation process of the hacks.

cybersecurity journalist Brian Kreb wrote on his blog, KrebsonSecurity.com, on Thursday that the two men discovered the code while investigating breaches at Dun & Bradstreet Corp, Altegrity Inc’s AGRTY.UL Kroll Background America Inc and Reed Elsevier’s LexisNexis Inc.

The hacking team’s server contained huge data of code that appeared to be source code for ColdFusion and Adobe Acrobat. Shortly after that discovery, KrebsOnSecurity shared several screen shots of the code repositories with Adobe.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Adobe to patch bug for Reader

June 15th, 2013

Adobe is planning to patch fairly low severity security vulnerability in all of the current versions of Reader and Acrobat that could enable an attacker to track which users have opened a certain PDF document. The vulnerability can’t be used for code execution, but researchers say it could be used as part of a larger attack.

The vulnerability was discovered and disclosed in late April by researchers at McAfee, who had been watching the behavior of some odd PDF samples in recent weeks. They noticed that all of the samples had a similar, weird characteristic, leading them to investigate and discover the vulnerability.

“Recently, we detected some unusual PDF samples. After some investigation, we successfully identified that the samples are exploiting an unpatched security issue in every version of Adobe Reader including the latest ‘sandboxed’ Reader XI (11.0.2). Although the issue is not a serious problem (such as allowing code execution), it does let people track the usage of a PDF. Specifically, it allows the sender to see when and where the PDF is opened,” Haifei Li of McAfee wrote.

“When a specific PDF JavaScript API is called with the first parameter having a UNC-located resource, Adobe Reader will access that UNC resource. However, this action is normally blocked and creates a warning dialog asking for permission…The danger is that if the second parameter is provided with a special value, it changes the API’s behavior. In this situation, if the UNC resource exists, we see the warning dialog. However, if the UNC resource does not exist, the warning dialog will not appear even though the TCP traffic has already gone.”

Adobe on Thursday acknowledged the issue and said that it wills vulnerability in its next scheduled Reader update on May 14.  Although neither McAfee nor Adobe consider the vulnerability to be serious, Li said that it could be used as one piece of a larger attack, as a method of gathering some intelligence on a target.

“Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, Internet service provider, or even the victim’s computing routine. In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs. For example, the document’s location on the system could be obtained by calling the JavaScript “this.path” value,” Li wrote.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Zero-Day Flaws in Adobe Reader, Acrobat

February 3rd, 2013

Adobe is warning that attackers are exploiting critical flaws in its PDF Reader and Acrobatsoftware to break into vulnerable systems, and that the exploit being used in attacks evades the sandbox protection built into these products.

The company issued an advisory about the threat on Wednesday, which confirms many of the details first disclosed by security firm FireEye earlier this week. FireEye has since posted a follow-up blog entry that sheds some additional light on how this attack works.

According to Adobe, there are two vulnerabilities in play here, and they exist in the latest versions of its software, including Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier for Windows and Macintosh, and Adobe Reader 9.5.3 for Linux.

Adobe says it is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message. The software maker added that it is in the process of working on a fix for these issues.

In the meantime, Windows users of Adobe Reader XI and Acrobat XI can protect themselves from the security exploit by turning on Protected View, as follows: To enable this setting, choose the “Files from potentially unsafe locations” option under the Edit > Preferences > Security (Enhanced) menu.

For those spooked enough to avoid Adobe until a fix is available, there are several other free PDF reader programs available. I have been using Sumatra PDF for some time, and prefer it because it seems very lightweight and fast. Foxit Reader is another popular alternative.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Adobe mends security holes in Flash, Reader, Acrobat

January 9th, 2013

Security flaws in Adobe Flash, Reader, and Acrobat could have been the cause of computer crashes recently. The software company announced today that it sent out updates for these three programs, which are meant to patch security vulnerabilities that cause such system crashes.

“These updates address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system,” the company wrote in a security bulletin today. “Adobe recommends users update their product installations to the latest versions.”

Adobe does not give any further detail on the security vulnerabilities but does strongly recommend that users running all versions of Adobe Flash Player for Windows, Mac OS X, Linux, and Android update their programs. Similarly, the company warns that people using Adobe Acrobat and Reader 11.0.0 and earlier versions on Windows and Mac OS X, and Adobe Reader 9.x versions for Linux are at risk.

Adobe launched new versions of Reader and Acrobat in October. The new XI version of Reader beefed up the Protected Mode features of the program, while the latest Acrobat updated text and image editing.

Adobe Reader has been dinged in the past for security holes, requiring the company to push out one. It seems that despite the new version of the program, Adobe security patches are here to stay.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta