One of the circled items, URLDownloadToFileA, is a Windows API function to download a file from a remote server and to save it on the user’s PC. In this infected PDF, the shellcode uses it to point the PC to an infection point, which is the IP address we have circled (by the way, don’t visit that IP address). Once the infected file is downloaded, the shellcode will execute it, infecting the computer

[link to threatpost.com (secure)]

England-based Security Software Company Sophos Labs has discovered that a new spam campaign is on the prowl where victims are cyber attacked with ransomware hidden inside PDF documents. And as per the researchers of Sophos Labs, the ransomware gets downloaded and is run by a macro hidden inside a Word Document that is deeply nested inside a PDF doc.

[link to www.cybersecurity-insiders.com (secure)]

The new attack, called PDFex, comes in two variations and in testing, it was successfully able to steal data from PDF files in 27 desktop and web PDF readers including Adobe Acrobat, Foxit Reader, Nitro and from Chrome and Firefox's built-in PDF viewers.

PDFex doesn't actually target the encryption used on PDF documents by external software. Instead the attack targets the encryption schemes used by the Portable Document Format (PDF) which means all PDFs are vulnerable regardless of the software used to view them.

[link to www.techradar.com (secure)]