Do Not Open This PDF On A Microsoft Windows PC
A few weeks on from Microsoft warning Windows users that PDF attachments are increasingly being used in attacks, there's another warning and a new lure. While the Windows-maker's alert for PC users came ahead of tax day in the U.S., the new attack is less time critical and has a nasty trick in how it masks its malicious intent.
Microsoft's tax day warning called out 'PDF attachments with an embedded DoubleClick URL that redirected users to a Rebrandly URL shortening link. That link in turn redirected the browser to a landing site that displayed a fake DocuSign page hosted on a domain masquerading as DocuSign.'
When users clicked to download, 'the outcome depended on whether their system and IP address were allowed to access the next stage based on filtering rules set up by the threat actor.' This was a clever form of obfuscation to make it more difficult for security researchers to replicate the attack and craft a fix.
Now, the team at TrustWave SpiderLabs warn 'we've spotted a campaign delivering RemcosRAT, using a fake payment SWIFT copy to lure victims. The attached PDF links to an obfuscated JavaScript file that uses ActiveXObject to fetch a second-stage script. This script invokes PowerShell to download and decode an image hosted on archive.org, which appears harmless but conceals the Remcos payload using steganography.'
Again, obfuscation here is key. The latest trickery in malicious PDFs is to hide links behind QR codes or to compile PDFs without the usual URL tag, making it harder to a security scan to pick up the treat. Steganography takes this to a new level, hiding the link in an image, and making it all but impossible for a user to detect.
As Kaspersky explains, 'steganography is the practice of concealing information within another message or physical object to avoid detection. Steganography can be used to hide virtually any type of digital content, including text, image, video, or audio content. That hidden data is then extracted at its destination. Content concealed through steganography is sometimes encrypted before being hidden within another file format. If it isn't encrypted, then it may be processed in some way to make it harder to detect.'
According to Cybersecurity News, the new attack 'begins with a phishing email that attaches a PDF file contains a malicious link, specifically pointing to malicious webpage: https://huadongarmouredcable.com/pdf/default.php… luring victims into a multi-stage infection process designed to deliver RemcosRAT, a malware known for its ability to remotely control infected systems.'
RemcosRAT is a nasty trojan you don't want anywhere near your PC. But the warning is not really that specific. PDFs are highlighted as a new favorite for cyber attacks, given user wariness as regards Office documents. The feeling amongst users seems to be that PDFs are more benign and therefore safer. Unfortunately, that's not the case.
As for what to look for here. An email headed 'SWIFT Copy' that purports to confirm a bank transfer with an attacked receipt. While for most this lure is typical of the raft of latest threats, these campaigns are hitting plenty of marks. That's why they proliferate.
Delete on sight.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
CNET
2 hours ago
- CNET
11 Home Security Setups I Recommend for Easy Vacation Safety
I know you already have a lot to plan when heading out on vacation, but I've found a few smart home steps can make a world of difference before you're gone. Smart home security isn't just about setting up alarms, though setting up alarms is an important security measure. Security devices can make it easier to manage your home while you're away and protect key weakpoints like your front porch, backyard and windows. Vacation security isn't just about stopping home thieves, either. The right settings and setups can help warn you about other problems or let you fix things you may have forgotten, even if you're hundreds of miles away on a beach. Here are my top steps for your home security before heading out on the road. Read more: My One Must-Do Smart Home Tip When I'm Going on Vacation -- That Everyone Forgets Set up Away or Vacation modes Many smart devices have vacation or away modes you can set up to simulate a lived-in house. CNET Today's smart home and home security settings don't just have Away modes, they also frequently have a Vacation mode. That's a routine you can set up to work while you're away for several days or more (if your home app doesn't have a vacation mode, you can tweak your Away or Eco mode, or set a whole new routine). Devices like Philips Hue lights and platforms like IFTTT make it easy to create full routines that cover multiple devices. CNET Vacation routines can switch smart lights on and off, indoors and out, to make it look like someone is still home. They can also operate other compatible devices, such as managing smart irrigation systems, arming smart cameras and more. Set a routine like this once, and you can use it over and over for trips. Check the motion detection settings for your video doorbell A key tool for keeping watch on your house: video doorbells. Ring/CNET Video doorbells excel at keeping an eye on the action, and their algorithms are getting consistently better at detecting humans and other objects. Companies like Eufy are even working on motion detection that can identify suspicious behavior like dodging main pathways and can look for poor security. However, the motion detection that works best in your daily life isn't always the kind of detection that works when you're on vacation. We suggest visiting the doorbell and home camera apps to look at your motion detection settings. Consider steps like: Turning up motion detection sensitivity Set object detection to only humans to cut down on alerts Set detection zones to close-up spots at your house and windows where people may try to get access Turn up beeps or light indicators that show a camera is on and watching Set notification to push to your phone screen instead of staying only within the app Look for web app options, like Nest's support for online viewing and controls, which is ideal for overseas vacations Additionally, if you pay for a subscription plan, check if it supports 24/7 emergency assistance contact so you can immediately call the police or fire department from an alert. It may be worth upgrading to that type of plan if you'll be gone for a month or two. Finally, Batten security expert Kirk MacDowell also mentioned checking that the lenses on all your home security cameras are clean. If it's been a long, dirty winter you should gently clean off video doorbells and cams so they have the clearest view when you're away. Keep your curtains open or automated To keep your home looking lived in, it's a good idea to have your curtains open during vacations (and it lets the sun in to keep things from getting musty). Or if you have smart curtains or smart shades -- which are also available as a retrofit for existing curtains -- you can program them. Create a schedule for them to open during the day and close at night for best effect. Smart blinds like these don't have to be expensive: Even Ikea has an affordable version. Manage remote entry with a smart lock Aqara's smart lock deadbolt replacement looks and feels great. CNET/Tyler Lacoma Smart locks don't just let you know if you forget to lock the door. They also autolock for you under certain conditions and support a variety of scheduling options. Most useful smart locks, like the Aqara U100 or the Schlage Smart Lever, allow you to create passes or temporary codes to give to visitors. That lets you arrange checkups for pet sitters, plant waterers, helpful neighbors and others you might want to let inside, but only at certain times. Smart locks combine especially well with video doorbells -- just make sure you're in an area with a reliable Wi-Fi connection to use them remotely. Adjust your heating and cooling Ecobee offers a dedicated vacation mode for its smart thermostat. Ecobee/CNET Smart thermostats from Nest, Ecobee and others also have Eco and Away modes you can use to set up separate vacation schedules. Ecobee also has a dedicated Vacation mode in its thermostat settings you can use just for this. The best temperature range varies by season but should be less than you schedule while you're home. For summer, that would mean setting the thermostat 5 to 10 degrees higher in the day, but with a hard cap around 80 to 85 degrees to protect indoor plants and so on. For winter, aim for the reverse with a hard cap around 50 degrees for the daytime. That temperature calculus changes if you have pets in a hot climate. You'll want to keep the home more comfortable by limiting the temperature ranges somewhere in the mid to upper 70s for cooling and around 60 for heating. Set up a "listening" service like Alexa Emergency Assist Alexa's emergency assistant is an affordable listening and contact service. Amazon Listening features use simple algorithms to identify "uh-oh" noises like breaking glass, smoke detector alarms and even dogs barking loudly. Home security systems like Abode or Ring offer listening options, but you don't always need a home security device to enable it. Amazon's Alexa smart speakers and smart displays, for example, have the Alexa Emergency Assist service, the successor to Alexa Guard. It costs around $6 monthly, and gives you access to sound detection as well as 24/7 emergency response services and emergency contacts for family. That's a nice deal to enable for a few months if you're going on plenty of vacations for a season, and the two-way audio on all Alexa speakers means you can talk through them live whenever you want. Keep watch with an armed security system If your home doesn't have a whole house security system that can monitor multiple access points like windows and doors, this is a fine time to consider one. Today's home security systems don't need professional installation, or even a monthly subscription, to guard your home -- and many work with third-party smart devices, too. Take a look at our guides on the best DIY home security systems, the best cheap security systems and the best systems overall for your home to learn a whole lot more about your choices. Add a leak detector to vulnerable home spots Kangaroo includes a climate sensor, aka leak detector, in its expanded eight-piece home monitoring kit. Kangaroo A leak detector is a clever little device with an open circuit lying against the floor. When water completes that circuit, it sets off all sorts of alarm bells and app notifications letting you know there's a leak present. That makes them valuable when you're away from home for extended periods of time. Stick them by the toilet, under the kitchen sink, next to the water heater or under pipes that may be in danger of freezing during a winter vacation. Leak detectors are available as an add-on for most home security systems, but you can also find standalone versions like Eufy's $35 model (requires a HomeBase) or the Alexa-compatible Kidde Leak Detector starting at $45. We suggest these models because they work with apps, which is important when you'll be away from home entirely. Tell your home monitoring center you'll be gone If you do splurge for professional home monitoring, look up their website and find a contact email or phone number to let them know that you'll be on vacation. Many home monitoring centers will adjust their official responses when they know that everyone is going to be away from home. Give your mail service a call (optional) Calling the post office used to be a go-to step when leaving for vacation. And if your vacay is going to be longer than a week or so, we still highly recommend messaging your local mail service and requesting to hold your mail. It's really easy to do and you can complete the steps online in a couple of minutes. However, we aren't getting as much mail these days as we once did, and it's harder than ever for strangers to notice when someone's mail is piling up. If you're only going to be gone for several business days or say, you can probably skip this step safely. Stay cautious about what you post online Vacations are awesome, but be wary about posting too much info on social media. mihailomilovanovic via Getty We know it's tempting to post about your vacation plans on social media, but this can also be an invitation for burglars or trespassers to make a visit. Unfortunately, it's difficult to know and trust everyone on your friends list, or friends of their friends who may see status updates as well. To stay safe, avoid posting info and pics about your trips until they are finished. Then you can cut loose and unleash all those perfect shots on Instagram, TikTok, or Facebook. Bonus tip: If you're renting, look at your lease Some leases require tenants to let landlords know if they'll be going on vacation for a certain amount of time, like longer than a week. Others don't mention it at all. Check your lease for details. Even if you don't have to alert anyone, you may find additional requests like shutting off water mains, setting the temperature to a certain level, arranging pet sitter access and so on. Finally, now is the perfect time to stop by our guide on how to deter burglars from every trying your house in the first place, information on if thieves are actually using Wi-Fi jammers on smart homes, and the all-around security cheat sheet for setting up different parts of home security. Don't miss any of CNET's unbiased tech content and lab-based reviews. Add us as a preferred Google source on Chrome.
Business Insider
5 hours ago
- Business Insider
How Gen Zers are landing roles in tech — or pivoting away
Kanika Mohan thought she'd have a job after graduation — and hopefully it would come with three meals and laundry service. The 21-year-old studied computer science, had a slate of summer internships at top tech companies, and regularly attended campus career fairs. A first-generation college student, the 2025 grad felt STEM was the surefire path to corporate success. "I love building things and computer science was a pretty hot topic over social media," Mohan said. The jobs were cushy, with all kinds of perks. "It was just insane to think about," she added. "I never saw my parents have any of those jobs. My parents worked regular, non-corporate, blue-collar jobs." Frustrated by a monthslong job hunt, Mohan began looking outside Big Tech. She said she applied for business analyst and marketing roles at airlines, banks, and consumer companies, and any other opportunity she could find in her skillset. She was eventually hired by a major tech company, but she's glad that she broadened her search. Mohan's experience is increasingly common. Jobs in computer science and tech have long been advertised as a path to lucrative salaries and luxurious office perks. But, with AI and widespread corporate cost-cutting contributing to a white-collar hiring slowdown, the industry is hemorrhaging entry-level opportunities. The tech job market is not just rough for newcomers. Daniel Zhao, chief economist at Glassdoor, wrote in a new blog post that the US tech industry seems to be in an employment recession because it mirrors the Great Recession. US job postings for tech workers on job-search platform Indeed have cooled more than overall postings from Great Resignation peaks. However, some more experienced job seekers may fare better if they have the skills needed in the growing AI talent war. As doors close across the industry, tech grads are having to rethink their dream roles. BI spoke with Gen Zers and labor market experts to understand the challenges young tech aspirants are facing — and potential solutions. Business Insider is reporting on how each generation is experiencing the job market. If you're open to sharing your experience, reach out to one of these reporters at allisonkelly@ jkaplan@ and mhoff@ And read our coverage: Ambitious Gen Zers did everything right. Then they hit the job market. Frustrated job seekers are giving up on their dream roles: 'I'll take almost anything' Job searching in 2025? It's a mess no matter how old you are. Welcome to the age of office paranoia, when layoffs, AI, and job insecurity are terrorizing workers 'Chances are you won't get a job at Microsoft' After landing her role, Mohan now teaches other 20-somethings on TikTok about how to break into the tech industry. "One thing I realized is that a lot of people have a dream company or a dream role," she said. "But it's really tough to do that anymore. You can't just be like, 'I want to work at Microsoft, so I'm only going to apply to Microsoft.' Chances are you won't get a job at Microsoft." Economists said this is a smart strategy. The number of computer and information sciences grads has increased in recent years, so holders of those degrees face more competition for a shrinking number of openings. AI is also shifting what entry-level work looks like in those fields, and companies are looking for ways to cut costs and streamline their workforce. Zhao, the Glassdoor economist, told Business Insider that many tech employers have been slow to hire entry-level workers. A Burning Glass Institute report showed that the unemployment rate for Gen Zers and younger millennials in computer and math occupations has recently increased from before the pandemic, meaning recent graduates could be up against others competing for similar roles. "It's no surprise that new graduates in computer science and engineering have had a tough time getting their foot in the door," Zhao said. It's part of why Gen Zers like Timothy Innamorato are considering pivoting. He wanted to work in tech, but he's also been applying for grocery store and janitorial jobs. Since completing a certification program in computer science and information technology last year, 27-year-old Innamorato has sent out a few hundred job applications, he said, and has landed around eight interviews in his field. "I've been shifting my views on whether or not I even want to continue looking at the moment, especially with the AI thing that's happening now," he said. He's also gotten a few interviews for grocery store jobs, which he's been applying to because he needs something to keep him afloat. He's had some success getting callbacks when he applies to custodial positions in his local school district. "Everybody now is shifting over to the idea of going to do trades, so being a plumber or doing HVAC or being an electrician. Honestly, that doesn't sound like a bad thing, it's just that you got to be on your feet a lot more and you got to go to people's houses and crawl in attics," he said. "It's not the same as IT. But I mean, I don't know." How to stand out in the application 'numbers game' Charley Kim, 23, recently landed a software engineering role at a Big Tech company. He said he's lucky — he graduated in 2024 with a computer science degree and knows several friends who are still looking for work. "There are just so many people applying to the jobs, and there's only a limited number of jobs out there," Kim said, adding, "Getting an interview is probably harder than the interviews themselves." Though Kim said that the job hunt can feel like a random "numbers game," he thinks the effort he put into networking paid off. Not only did talking to people already in the tech industry help him hone his application, he said it allowed him to get the referrals he needed to make his résumé stand out from the pile. Christine Cruzvergara, chief education strategy officer at Handshake, said it's important to build a community because job searching can be time-consuming and emotionally taxing. As Mohan put it, the post-grad job search can feel "really scary, really harsh, and really painful." Cruzvergara said your community can include friends, advisors, or whoever can help you feel better and give you real feedback during job hunting. Cruzvergara also suggested not filling out hundreds of applications and instead making sure you're putting enough time into checking out the company, including whether it seems like a good fit. " Mass applying is actually hurting people because they're putting in lower-quality applications that aren't going to stand up in a competitive applicant pool," Bonnie Dilber, a recruiter at a software company, previously told Business Insider. Natasha Pillay-Bemath, vice president of global talent acquisition and executive search at IBM, said there will continue to be demand for entry-level talent, especially in "more critical, complex spaces of tech like AI and cloud." Strong applicants should show that they can both master using AI and also lean on soft skills like creativity and effective communication, she said, as AI takes away the "rote work" of an entry-level hire. Mohan said she had a few different versions of her résumé and cover letter depending on the types of roles she was applying for. Putting her experience and interests on paper — and occasionally using AI to optimize for specific positions — helped her build confidence. "Building my résumé early on helped me also realize that I know I can switch industries," she said. "I realized what industry I like and what roles I like because there's so, so many different things you can do. You won't know that unless you actually try."
Yahoo
8 hours ago
- Yahoo
Marvell Technology, Inc. (MRVL): A Bear Case Theory
We came across a bearish thesis on Marvell Technology, Inc. on Irrational Analysis's Substack. In this article, we will summarize the bulls' thesis on MRVL. Marvell Technology, Inc.'s share was trading at $77.34 as of August 8th. MRVL's trailing and forward P/E were 22.15 and 27.40, respectively according to Yahoo Finance. Copyright: ralwel / 123RF Stock Photo Marvell is currently facing significant setbacks with its high-speed SerDes technology, a critical component in its networking and custom AI chip initiatives, leading to strained relationships with major customers like Microsoft and Amazon. Recent reports from Edgewater Securities and Semianalysis reveal that both Marvell and its competitors have struggled with SerDes performance issues, causing delays such as a second tape-out for the Trn3 ASIC and pushing mass production to the second half of 2026. Microsoft is reportedly reconsidering Marvell as a silicon partner due to underwhelming networking performance, while Amazon is shifting its Trainum 4 AI chip production away from Marvell to alternative suppliers like Alchip and Astera Labs, which use more reliable IP from Synopsys and Cadence. Marvell's internal attempts to hype its XPU and AI socket initiatives have been met with skepticism, as industry insiders claim Marvell is not involved in key emerging AI projects. Despite boasting of numerous ISSCC publications and advanced 5nm SerDes demos, real-world performance has been disappointing—demos have shown high error rates even with aggressive cooling, and comparisons favor competitors like Broadcom, whose SerDes deliver better error correction and reliability. Marvell's sales and demo tactics, including selective performance metrics and controlled testing environments, have been criticized as misleading. While some technological advances like dense SRAM and novel power delivery (PIVR) are praised, the overall narrative suggests Marvell is struggling to deliver the promised value in its cutting-edge chip segments. The combination of delayed products, technical flaws, and customer defections casts a shadow over Marvell's growth prospects and raises questions about its ability to compete against rivals with superior IP and execution. Previously we covered a on Marvell Technology, Inc. by Simple Investing in January 2025, which highlighted Marvell's strong data center growth, custom silicon deals, and positive financial outlook. The company's stock price has depreciated approximately by 32% since our coverage, reflecting setbacks in SerDes technology and customer concerns. The thesis still stands as Marvell's IP portfolio and market diversification support long-term growth. Irrational Analysis shares a contrarian view but emphasizes near-term technical and execution challenges. Marvell Technology, Inc. is not on our list of the 30 Most Popular Stocks Among Hedge Funds. As per our database, 73 hedge fund portfolios held MRVL at the end of the first quarter which was 105 in the previous quarter. While we acknowledge the potential of MRVL as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: 8 Best Wide Moat Stocks to Buy Now and 30 Most Important AI Stocks According to BlackRock. Disclosure: None. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
