10 Security Bugs You Should Be Watching

UK Examines PDF Vulnerability

GovCertUK, the Computer Emergency Response Team (CERT) for the UK Government, reports that an advanced feature of Adobe PDF reader is being used to deliver malicious payloads, leveraging an email-based attack vector. The organization says it has been tracking a number of spear phishing campaigns targeting governmental groups in the UK that use the XDP file format, which contains a Base64-encoded copy of a standard PDF file. The malware employs a related strategy to evade AV detection and intrusion detection systems.


Get a roundup of CRN's security coverage right to your inbox with the Security Advisor newsletter.