Alternatively they can conduct internal vulnerability assessments of their assets to identify vulnerabilities within them.
ADOBE ACROBAT DC PRO UPDATE 15.006.30121 SOFTWARE
In order to identify if there are vulnerable organisations would need to know the software and version installed on all their assets (workstations, laptops, tablets, servers) and then monitor security feeds such as those from CERTS or Adobe to identify vulnerabilities within the assets as part of their vulnerability management programme. In this scenario to defend themselves the victims need to identify if they are vulnerable and the attack surface area and then implement controls to remediate the vulnerability.
Hopefully the scenario and the examples of what the terms mean in the context scenario help explain the usage of the terms by cyber security professionals. The scenario is illustrated in the diagram below.
ADOBE ACROBAT DC PRO UPDATE 15.006.30121 PDF
The recipient would receive the email and the attacker is hoping that the PDF file will be opened by the recipient using a version of one of the affected Adobe products allowing the code to execute and cause a denial of service attack.įor the more technical I have based this on a actual reported vulnerability CVE-2016-1009 which affects Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X and allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. The PDF file is attached to an email which is then sent to the victim (could be a known individual in a targeted attack or to a large group of email addresses the attacker has obtained). The attacker will create a malicious payload in this scenario it is a PDF file that contains code that will take advantage of (exploit) the discovered vulnerability in a number of Adobe products. The scenario is an attacker sends an email with an attachment that is a malicious PDF the contains executable code if viewed on Adobe Reader, in this scenario the code will cause a denial of service. In this post I'm using an example of a malicious PDF attack to explain the terms. In this post I am aiming to explaining some of the common terms (such as attack vector, attack surface area) used when discussing cyber attacks in the way non-technical people can understand.
0 kommentar(er)
