Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 25, 2023
Severity High Analysis Summary CVE-2023-42753 Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer underflow due […]September 25, 2023Severity Medium Analysis Summary AsyncRAT is an open-source tool designed for remote monitoring via encrypted connections. However, it could be utilized by threat actors as it […]September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 25, 2023Severity High Analysis Summary CVE-2023-42753 Linux Kernel could allow a local authenticated attacker to execute arbitrary code on the system, caused by an integer underflow due […]September 25, 2023Severity Medium Analysis Summary AsyncRAT is an open-source tool designed for remote monitoring via encrypted connections. However, it could be utilized by threat actors as it […]September 22, 2023Severity High Analysis Summary Ducktail Malware is a malicious program designed by hackers to infiltrate computers and networks globally. Ducktail malware is typically delivered through a […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – CVE-2020-3452 – Cisco Network Security Flaw Leaks Sensitive Data
July 24, 2020Rewterz Threat Advisory – CVE-2020-14307 – Red Hat JBoss Enterprise Application Platform denial of service
July 27, 2020
Severity
High
Analysis Summary
Fifteen out of 28 desktop PDF viewer applications are vulnerable to a new attack that lets malicious threat actors modify the content of digitally signed PDF documents. The list of vulnerable applications includes Adobe Acrobat Pro, Adobe Acrobat Reader, Perfect PDF, Foxit Reader, PDFelement, and others.
Academics have named this technique of forging documents a Shadow Attack. A Shadow Attack is when a threat actor prepares a document with different layers and sends it to a victim. The victim digitally signs the document with a benign layer on top, but when the attacker receives it, they change the visible layer to another one. Because the layer was included in the original document that the victim signed, changing the layer’s visibility doesn’t break the cryptographic signature and allows the attacker to use the legally-binding document for nefarious actions — such as replacing the payment recipient or sum in a PDF payment order or altering contract clauses. According to the research team three variants of a Shadow Attack exist:
- Hide — when attackers use the PDF standard’s Incremental Update feature to hide a layer, without replacing it with anything else.
- Replace — when attackers use the PDF standard’s Interactive Forms feature to replace the original content with a modified value.
- Hide-and-Replace — when attackers use a second PDF document contained in the original document to replace it altogether.
The Shadow Attack is currently tracked with the CVE-2020-9592 and CVE-2020-9596 identifiers.
Impact
- Security Bypass
- Data Manipulation
Affected Vendors
- Adobe
- Others
Affected Products
- Adobe Acrobat and Reader versions 2020.006.20042 and earlier
- 2017.011.30166 and earlier
- 2015.006.30518 and earlier
Remediation
Update PDF viewer apps to latest versions.