exploit - Home

BlueKeep Attacks seen in the wild!

Sameer Patil / 6 years
2
2 min read

CVE-2019-0708, popularly known as BlueKeep, is a RDP pre-authentication vulnerability which allows attacker to compromise a vulnerable system without user’s interaction. This exploit is also wormable, meaning that it can spread to other vulnerable systems in a similar way as the WannaCry malware spread across the globe in 2017. Interestingly, healthcare products like radiography, X-ray […]

Obfuscated Equation Editor Exploit (CVE-2017-11882) spreading Hawkeye Keylogger

Pradeep Kulkarni / 7 years
0
8 min read

Cyber-attacks through phishing emails are increasing and generally, attackers use DOC embedded macros to infiltrate victim’s machine. Recently Quick Heal Security Labs came across a Phishing e-mail sample which uses Microsoft’s equation editor exploit to spread Hawkeye keylogger. Cybercriminals use different techniques to steal confidential data. Now they are offering advanced forms of malware to […]

CVE-2018-8440 – Task Scheduler ALPC Zero-Day Exploit in the Wild

Sameer Patil / 7 years
0
2 min read

The recent zero-day vulnerability CVE-2018-8440 in Windows Task Scheduler enables attackers to perform a privilege elevation on targeted machines. Microsoft has released a security advisory CVE-2018-8440 on September 11, 2018 to address this issue. According to Microsoft, successful exploitation of this vulnerability could run arbitrary code in the security context of the local system. About […]

CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability – An advisory by Quick Heal Security Labs

Prashant Kadam / 8 years
0
2 min read

The recent zero-day vulnerability in Windows VBScript Engine (CVE-2018-8174), enables attackers to perform a remote code execution on targeted machines. Microsoft has released a security advisory CVE-2018-8174 on May 8, 2018, to address this issue. According to Microsoft, it impacts most of the Windows Operating Systems. Vulnerable versions Windows 7 x86 and x64 versions Windows Server 2012 R2 Windows RT […]

Chinese, Russian hackers counting on Apache Struts vulnerabilities – a report by Quick Heal Security Labs

Sameer Patil / 8 years
2
5 min read

Apache Struts is an open-source CMS based on MVC framework for developing Java EE Web Applications. Apache Struts has been widely used by many Fortune 100 companies and government agencies over the years for developing web applications. But, websites built using a CMS constantly need to upgrade the CMS versions in their web application servers, because vulnerabilities in the CMS framework directly […]

Malspam campaigns exploiting recent MS Office vulnerability ‘CVE-2017-11882’ – An Analysis by Quick Heal Security Labs

Aniruddha Dolas / 8 years
0
5 min read

No wonder malspam campaigns are a major medium to spread malware. Previously, we have written about such campaigns making use of MS Office malware such as malicious macro, CVE-2017-0199, CVE-2017-8759 and DDE-based attack. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability CVE-2017-11882. Let’s take a look at in-depth analysis of one […]

CVE-2018-4878 – Adobe Flash Player use after free (Zero Day) vulnerability Alert!

Pradeep Kulkarni / 8 years
0
1 min read

The recent zero-day vulnerability CVE-2018-4878 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSA18-01 on February 2, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users. Vulnerable versions Adobe Flash Player 28.0.0.137 […]

An emerging trend of DDE based Office malware – an analysis by Quick Heal Security Labs

Aniruddha Dolas / 8 years
0
3 min read

For the past few years, we have been seeing macro-based attacks through Object Linking Embedding (OLE)/Microsoft Office files. But, presently, attackers are using a different technique to spread malware through Office files – using a new attack vector called ‘Dynamic Data Exchange (DDE)’. DDE is an authorized Microsoft Office feature that provides several methods for transferring data between applications. Once the communication protocol is established, it doesn’t require user interactions to exchange data between applications. The DDE […]

WannaCry’s Never Say Die Attitude Keeps It Going!

Pradeep Kulkarni / 9 years
0
4 min read

Over the past few months, the cybersecurity world was at buzz due to the infamous WannaCry ransomware attack. The attack was launched on a massive scale. The campaign started after the disclosure of NSA exploit leak by a hacker group called Shadow Brokers. Taking advantage of unpatched systems all over the globe, the attack spread […]

CVE-2017-0199 – Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API

Pradeep Kulkarni / 9 years
0
2 min read

The newly discovered zero-day vulnerability (CVE-2017-0199) in Microsoft Office/WordPad is being actively exploited in the wild. Almost all Microsoft Office versions are affected with this bug. To fix this vulnerability, Microsoft released a security update on April 11, 2017. Vulnerable Versions According to Microsoft, the following are the affected products (past support life cycle products […]