Adobe releases more security updates, equips Adobe Acrobat DC with a sandbox

A week after the June 2020 Patch Tuesday, Adobe has plugged more critical security holes in some of its well-known graphic design and video and audio editing software. The company has also announced that it will be adding the Protected Mode feature (i.e., a sandbox) to the Windows version of Adobe Acrobat DC.

[Image: Protected Mode Adobe Acrobat]

The security updates

Both the Adobe Illustrator and the Adobe After Effects updates fix five flaws that can lead to code execution. The Adobe Premiere Pro and Adobe Premiere Rush updates fix three of them, and the Adobe Audition update resolves two.

Finally, the update for Adobe Campaign, a software application for coordinating the creation of conversational marketing campaigns, fixes just one “important” vulnerability that ultimately could lead to information disclosure.

The priority rating for all of these updates is not high, because they resolve vulnerabilities in products that have historically not been a target for attackers. Also, none of the vulnerabilities are actively exploited by attackers. Nevertheless, admins should not take long to install the updates.

Protected Mode for Adobe Acrobat DC

Adobe Acrobat DC is the subscription version of Acrobat combined with Document Cloud services, and allows users to create PDFs, export them, edit them, sign them, share them, etc.

“Enabling Protected Mode in Acrobat DC provides additional layers of protection that help you better protect desktop environments from potentially malicious code. Documents and application code are isolated within a ‘Sandbox’ (i.e. a confined execution environment). This offers additional protections should users inadvertently open malicious PDFs,” the company shared.

Protected mode is still in preview, and can be enabled through Acrobat’s security preferences (see image above) or by setting a specific registry key.

The move comes nearly ten years after Adobe added the feature to Acrobat Reader DC, its widely used (free) PDF reader.

A new way for securing web browsers from hackers

A powerful new approach to securing web browsers is getting its first real-world application in the Firefox browser.

Developed by a team of researchers from The University of Texas at Austin, the University of California San Diego, Stanford University and Mozilla, the approach shifts some of the browser code into “secure sandboxes” that prevent malicious code from taking over the user’s computer.

The new approach is now part of a test release of the Firefox browser for the Linux operating system and could be available on Windows and MacOS platforms within a few months.

How does it work?

Web browsers use libraries of code to do common activities — such as rendering media files including photos, videos and audio — but these libraries often have unreported bugs that can be exploited by hackers to take control of a computer.

“Modern browsers are the nightmare scenario for security,” said Hovav Shacham, professor of computer science at UT Austin and co-author of a related paper accepted for presentation at a computer security conference to be held this August.

“They have every feature imaginable. The more features you have, the more bugs there are. And the more bugs there are, the more chances an attacker has to compromise people’s devices. Attackers love attacking browsers, and they really understand how to do it.”

To prevent hackers from exploiting these vulnerabilities, the researchers are adapting WebAssembly, a security mechanism originally designed to speed up web applications that run within a browser while keeping those applications within “secure sandboxes” that prevent malicious code from taking over the user’s computer.

Applications that take advantage of WebAssembly include games and apps that perform music streaming, video editing, encryption and image recognition. In the researchers’ new approach, some of the browser’s own internal components — those responsible for the decoding of media files — would be shifted into WebAssembly sandboxes.
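The memory confinement described above can be seen in a few lines. This is an added example, not code from Mozilla, RLBox or the researchers: the hand-assembled module and the names `makeSandbox`, `tryCall` and `demo` are constructed here, with the module standing in for a memory-unsafe library.

```javascript
// Constructed WebAssembly module: store(addr, byte) and load(addr) touch any
// address they are given, with no bounds checks of their own (the "bug").
const WASM_BYTES = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,       // magic, version 1
  0x01, 0x0b, 0x02, 0x60, 0x02, 0x7f, 0x7f, 0x00,       // type 0: (i32, i32) -> ()
  0x60, 0x01, 0x7f, 0x01, 0x7f,                         // type 1: (i32) -> i32
  0x03, 0x03, 0x02, 0x00, 0x01,                         // two functions
  0x05, 0x04, 0x01, 0x01, 0x01, 0x01,                   // memory: exactly one 64 KiB page
  0x07, 0x16, 0x03, 0x03, 0x6d, 0x65, 0x6d, 0x02, 0x00, // export "mem"
  0x05, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x00, 0x00,       // export "store"
  0x04, 0x6c, 0x6f, 0x61, 0x64, 0x00, 0x01,             // export "load"
  0x0a, 0x13, 0x02,                                     // code section, two bodies
  0x09, 0x00, 0x20, 0x00, 0x20, 0x01, 0x3a, 0x00, 0x00, 0x0b, // store: i32.store8
  0x07, 0x00, 0x20, 0x00, 0x2d, 0x00, 0x00, 0x0b,       // load: i32.load8_u
]);

// Each instance gets its own private linear memory.
function makeSandbox() {
  return new WebAssembly.Instance(new WebAssembly.Module(WASM_BYTES)).exports;
}

// Call into the sandbox and report whether the call completed or trapped.
function tryCall(fn, ...args) {
  try {
    return { trapped: false, value: fn(...args) };
  } catch (err) {
    if (err instanceof WebAssembly.RuntimeError) return { trapped: true };
    throw err;
  }
}

function demo() {
  const a = makeSandbox();
  const b = makeSandbox();
  const size = a.mem.buffer.byteLength;
  return {
    size,
    inBounds: tryCall(a.store, size - 1, 0x41), // last valid byte: allowed
    readBack: tryCall(a.load, size - 1),        // the write is visible inside A
    pastEnd: tryCall(a.store, size, 0x41),      // one byte past the end: trap
    negative: tryCall(a.store, -1, 0x41),       // wraps to 0xffffffff: trap
    otherInstance: tryCall(b.load, size - 1),   // B's memory is untouched
  };
}
```

A stray write either lands inside the instance's own 64 KiB or stops the call with a trap; it never reaches the host's memory or another instance.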

Full release versions are expected

The new approach will initially be applied to a test version of Firefox for the Linux operating system and will secure just one rendering library used for certain fonts.

Assuming the initial tests go well, the team expects the approach will be gradually expanded to include stable, full release versions of the browser on all major operating systems. They also anticipate future expansion will include other components involved in rendering media files.

“If the initial tests go well, then Firefox could apply this to all the image, video and audio formats that the browser supports,” Shacham said. “The hope is that at some point, bugs in all of those libraries become useless for hacking Firefox. And if that happens, then user security would be greatly improved.”

Over time, as more parts of the browser get these improvements and are incorporated into versions on more operating systems, it could improve security for millions of users worldwide. There are roughly 250 million monthly active users of the Firefox browser on desktop computers.

“Defects happen,” said Eric Rescorla, Firefox CTO at Mozilla. “To keep our users secure on the internet, we need to ensure that a single programming error cannot easily compromise the browser. To date the industry’s approach to this problem has been very coarse-grained, which limits its effectiveness. We’re very excited to bring the new level of isolation provided by RLBox to our users.”

You can read more about this project from Mozilla’s Hacks Blog.

Malware and ransomware attack volume down due to more targeted attacks

Cybercriminals are leveraging more evasive methods to target businesses and consumers, a SonicWall report reveals.


“Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology,” said SonicWall President and CEO Bill Conner.

“Now more than ever, it’s imperative that organizations detect and respond quickly, or run the risk of having to negotiate what’s being held at ransom from criminals so emboldened they’re now negotiating the terms.”

The 2020 SonicWall Cyber Threat Report is the result of threat intelligence collected over the course of 2019 by over 1.1 million sensors placed in over 215 countries and territories.

Cybercriminals change approach to malware

Spray-and-pray tactics that once had malware attack numbers soaring have since been abandoned for more targeted and evasive methods aimed at weaker victims. SonicWall recorded 9.9 billion malware attacks, a slight 6% year-over-year decrease.

Targeted ransomware attacks cripple victims

While total ransomware volume (187.9 million) dipped 9% for the year, highly targeted attacks left many state, provincial and local governments paralyzed and took down email communications, websites, telephone lines and even dispatch services.

The IoT is a treasure trove for cybercriminals

Bad actors continue to deploy ransomware on ordinary devices, from smart TVs, electric scooters and smart speakers to daily necessities like toothbrushes, refrigerators and doorbells.

Researchers discovered a moderate 5% increase in IoT malware, with a total volume of 34.3 million attacks in 2019.

Cryptojacking continues to crumble

The volatile shifts and swings of the cryptocurrency market had a direct impact on threat actors’ interest in authoring cryptojacking malware. The dissolution of Coinhive in March 2019 played a major role in the threat vector’s decline, plunging the volume of cryptojacking hits to 78% in the second half of the year.

Fileless malware targets Microsoft Office/Office 365, PDF documents

Cybercriminals used new code obfuscation, sandbox detection and bypass techniques, resulting in a multitude of variants and the development of newer and more sophisticated exploit kits using fileless attacks instead of traditional payloads to a disk.

While malware decreased 6% globally, most new threats masked their exploits within today’s most trusted files. In fact, Office (20.3%) and PDFs (17.4%) represent 38% of new threats detected by Capture ATP.

Encrypted threats are still everywhere

Cybercriminals have become reliant upon encrypted threats that evade traditional security control standards, such as firewall appliances that do not have the capability or processing power to detect, inspect and mitigate attacks sent via HTTPS traffic.

Researchers recorded 3.7 million malware attacks sent over TLS/SSL traffic, a 27% year-over-year increase that is trending up and expected to climb through the year.


Side-channel attacks are evolving

These vulnerabilities could impact unpatched devices in the future, including everything from security appliances to end-user laptops. Threat actors could potentially issue digital signatures to bypass authentication or digitally sign malicious software.

The recent introduction of TPM-FAIL, the next variation of Meltdown/Spectre, Foreshadow, PortSmash, MDS and more, signals criminals’ intent to weaponize this method of attack.

Attacks over non-standard ports cannot be ignored

This year’s research indicated that more than 19% of malware attacks leveraged non-standard ports, but found the volume dropping to 15% by year’s end with a total of 64 million detected threats. This type of tactic is utilized to deliver payloads undetected against targeted businesses.

“The application layer is the biggest target right now. The average commercial web application, like the one that we all use for our shopping or banking, has 26.7 vulnerabilities. That’s a shocking number. Imagine if your airline averaged 26.7 safety problems! Fortunately, it is now possible to give software a sort of digital immune system. Web applications and APIs can be provided with defences that enable them to identify their own vulnerabilities and prevent them from being exploited. Once teams see exactly where they are weak and how attackers are targeting them, they can quickly clean up their house. Ensuring that they (and those using their software) are protected,” Jeff Williams, at Contrast Security, told Help Net Security.