Browse archive

Latest news

The CSO perspective on healthcare security and compliance

Jailed hacker designs device to thwart ATM card skimming

U.S. Congress has questions about Google Glass and privacy

Cyber espionage campaign uses professionally-made malware

Form-grabbing rootkit sold on underground forums

Large cyber espionage emanating from India

Over 45% of IT pros snitch on their colleagues

U.S. DOD decides iPhones and iPads can connect to its networks

Digital Government Strategy progress and challenges

Barracuda updates web application firewall

Thoughts on the need for anonymity

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

Adobe Reader 0-day exploit sold for $50,000

Posted on 08 November 2012.

The good news is that the exploit costs $50,000 which limits the purchase of it to defense contractors, nation states and some criminal organizations that may be able to recoup the cost of purchase.

It’s good that Group-IB has publicly disclosed this vulnerability in Adobe, and hopefully Adobe will be able to get their hands on this exploit and patch it as soon as possible to safeguard customers.

Right now, this exploit isn’t a wide-spread threat to most consumers; however, it could be a concern to large organizations and government agencies that are susceptible to highly targeted attacks that frequently use exclusive 0 day exploits.

I would highly advise users that do not need the Adobe plug-ins to disable them and scrutinize all PDF documents from un-trusted sources, especially if you work with the government or businesses that have been targeted in APT-style attacks.

Once this exploit is available to the public, there is potential for it to be added to Black Hole and other exploit kits and it may even be improved from its current state for malicious intent to address multiple platforms.