PDFs

Winsage
March 18, 2025
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a Windows vulnerability tracked as ZDI-CAN-25373 since 2017 for data theft and cyber espionage. Microsoft has classified this vulnerability as "not meeting the bar for servicing," meaning no security updates will be released. The flaw allows attackers to execute arbitrary code on affected Windows systems by concealing malicious command-line arguments within .LNK shortcut files, using whitespace padding to evade detection. Nearly 70% of the analyzed attacks linked to this vulnerability were related to espionage, while 20% aimed for financial gain. Various malware payloads, including Ursnif, Gh0st RAT, and Trickbot, have been associated with these attacks. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a malicious file. Microsoft has not assigned a CVE-ID to this vulnerability but is tracking it internally as ZDI-CAN-25373. A Microsoft spokesperson mentioned that the company is considering addressing the flaw in the future.
Winsage
February 23, 2025
QuickLook is an application for Windows that replicates a macOS feature allowing users to preview files by selecting them and pressing the space bar. It streamlines the process of reviewing documents, images, and media files without opening each one individually. Users can download QuickLook from the Microsoft Store, and it operates system-wide, including in Open/Save dialog boxes. The app supports a wide range of file types for previewing, excluding executable files, and allows for basic modifications, such as editing text in Word documents and cropping images. QuickLook can significantly reduce the time spent on routine tasks, enabling users to accomplish actions more quickly. Additionally, it supports plugins for specialized file types and can be set to launch automatically at startup.
Winsage
February 19, 2025
A significant alert has been issued for Microsoft Windows users regarding the Snake Keylogger, an advanced keylogger capable of extracting sensitive information from web browsers like Chrome, Edge, and Firefox. It logs keystrokes, captures credentials, and monitors clipboard activity. The malware has already infiltrated millions of PCs and activates upon system restart, disguising itself among benign Windows processes. Fortinet reports that the Snake Keylogger has been circulating since 2020, infiltrating systems through malicious Office documents or PDFs attached to emails. If opened with macros enabled or using vulnerable software, the malware executes. It employs AutoIt scripting to obfuscate its operations and sets its attributes to hidden to complicate detection. The keylogger places a file in the Windows Startup folder to ensure it launches automatically with each restart, maintaining access to the compromised system. Once installed, it checks its environment to capture specific security credentials through keystrokes, clipboard data, or browser autofill information, transmitting this data to its handlers. Fortinet has observed the Snake Keylogger in various countries, including China, Turkey, Indonesia, Taiwan, and Spain. Users are advised to keep security software updated and exercise caution with email attachments from untrusted sources.
Winsage
December 24, 2024
Editing PDF files on Windows 10 is often necessary for correcting errors, filling out forms, adding comments, or updating information. Various free PDF editors are available online, including Tenorshare PDNob, which offers a free month of premium features. To edit a PDF using Microsoft Word, open the program, select the PDF file, and make edits after it converts to an editable format. Adobe Acrobat allows for professional editing but requires a subscription for advanced features. Tenorshare PDNob provides a free solution with features like text editing, file conversion, compression, watermark removal, image extraction, and secure editing. Windows 10 does not include a built-in PDF editor, but it has Microsoft Edge for basic viewing and annotations. Editing a PDF file is possible with tools like Microsoft Word, Adobe Acrobat, or dedicated editors like Tenorshare PDNob.
Winsage
December 23, 2024
The Preview pane in File Explorer allows users to view file contents directly in a panel on the right side of the screen, supporting various formats including Office documents, PDFs, images (JPG, PNG), audio files (WAV, MP3), and videos (MP4). Microsoft PowerToys offers a feature called Peek for rapid file previews using a keyboard shortcut (Ctrl + Space), supporting images, PDFs, and Microsoft Office documents. The QuickLook app for Windows enables file previews by selecting files and pressing the spacebar, supporting images, videos, and compressed files (ZIP, RAR), as well as text documents like Markdown files. WinQuickLook is a paid alternative to QuickLook that allows users to preview files in File Explorer by pressing the spacebar, displaying essential file information and enabling quick access to native applications.
Winsage
December 17, 2024
The Securonix Threat Research team has identified a phishing campaign called the “FLUX#CONSOLE campaign,” which targets tax-related themes using Microsoft Common Console Document (MSC) files to deliver a backdoor payload. The attack begins with a phishing email containing a decoy PDF titled “Income-Tax-Deduction-and-Rebates202441712.pdf,” which conceals an MSC file that executes malicious payloads. The campaign employs various tactics, including tax-themed lures, exploitation of MSC files, DLL sideloading using DISM.exe, persistence through scheduled tasks, and advanced obfuscation techniques. The attack chain involves tricking users into opening a malicious MSC file disguised as a PDF, which contains XML commands to download or extract a malicious DLL named DismCore.dll. The DLL is sideloaded using Dism.exe, and the malware communicates with a Command-and-Control server at “hxxps://siasat[.]top,” exfiltrating data via encrypted HTTPS traffic. The attackers maintained access for about 24 hours, targeting victims in Pakistan. The tactics used do not align with known advanced persistent threat groups, highlighting the growing threat of MSC files as a delivery method for malware. Indicators of Compromise (IOCs) include the C2 address siasat[.]top and analyzed file hashes for the malicious files involved in the campaign.
AppWizard
December 5, 2024
Google Chrome for Android will soon support native PDF file opening without third-party applications, allowing users to search and annotate PDFs directly in the browser and save them to Google Drive. This feature was discovered by Chrome expert Leopeva64 in February and has been confirmed to be operational on devices like the OnePlus Open running Android 14. The PDF viewer in Chrome is minimalistic but effective, with navigation and search capabilities. Users can annotate PDFs using a toolbar that includes options for pens and highlighters. This functionality is supported by the Jetpack PDF support library, which is included in Android 15 but also available for older versions through Google Play System Updates. Users need to enable specific flags to access this feature, which is available in Chrome 132 or later, currently in Beta.
Tech Optimizer
November 19, 2024
Many Mac users question the necessity of additional antivirus software, which depends on their usage patterns and operating environments. macOS has a strong security framework, including built-in antivirus Xprotect, which is sufficient for average users. However, high-risk users may require more advanced protection. Top free antivirus software options for Mac in 2024 include:
- Bitdefender: Offers a free on-demand malware scanner, lightweight operation, and customizable scanning options. Free for one device; business plans start at .99/month.
- Malwarebytes: Provides a free virus cleanup tool that works with other security software, excelling at detecting elusive malware. Free for one device; business plans start at .97/year.
- Avira: Features scheduled virus scanning, a free VPN, a password manager, and a junk file cleaner. Free for one device; paid plans start at .99/month.
- Total AV: Includes a Smart Scan feature and various utilities for system maintenance. Free for one device; pro plans start at .95/year.
For most businesses, macOS's built-in Xprotect is adequate, but specific needs may warrant additional tools like Malwarebytes for cleanup or Bitdefender for high-risk activities. The analysis of these products involved hands-on testing and review of independent audit results and customer feedback.
AppWizard
October 23, 2024
Google Keep is enhancing its functionality, particularly for handwritten notes, in the latest version 5.24.422.02.90. The app will introduce a new handwritten notes capability for Android devices with stylus support, such as the Galaxy Z Fold 6 and Galaxy S24 Ultra, as well as for users who draw with their fingers. The new handwritten notes will be visually distinct from existing drawing notes, with titles positioned differently. Users will be able to share handwritten notes in PDF format instead of just image files. A "Text to sketch" feature may also be included in future updates. These enhancements will be available on both mobile and web clients, although web notes will currently be uneditable and viewable only as PDFs. Additionally, users will soon be able to customize handwriting backgrounds with color, and notes with images will allow for resizing, cropping, and repositioning. Other upcoming features include a window resize option and the ability to manage multiple accounts in split mode on foldable devices.