Home > Knowledge Centre > Vulnerability

CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel

  • Ganesh Lakariya / 7 years
  • 2
  • 3 min read

Red Hat engineers and experts discovered a memory corruption vulnerability in Linux kernel, which is basically a flaw while implementation of RDS (Remote desktop Protocol) over TCP. This flaw has affected Red Hat, Ubuntu, Debian and SUSE and security advisories have been issued for all. This flaw could enable an attacker to compromise a system […]

Sophisticated Ransomware : “Katyusha”

  • Ghanshyam More / 7 years
  • 0
  • 7 min read

For several months, Quick Heal Security Labs has been observing an increase in ransomware, we have found one more interesting ransomware which encrypts files and adds extension “.katyusha” and demands for an amount of 0.5 btc within three days and threatens to release the data to public download if the ransom is not paid. Malware is bundled with […]

Obfuscated Equation Editor Exploit (CVE-2017-11882) spreading Hawkeye Keylogger

  • Pradeep Kulkarni / 7 years
  • 0
  • 8 min read

Cyber-attacks through phishing emails are increasing and generally, attackers use DOC embedded macros to infiltrate victim’s machine. Recently Quick Heal Security Labs came across a Phishing e-mail sample which uses Microsoft’s equation editor exploit to spread Hawkeye keylogger. Cybercriminals use different techniques to steal confidential data. Now they are offering advanced forms of malware to […]

Malspam campaigns exploiting recent MS Office vulnerability ‘CVE-2017-11882’ – An Analysis by Quick Heal Security Labs

  • Aniruddha Dolas / 8 years
  • 0
  • 5 min read

No wonder malspam campaigns are a major medium to spread malware. Previously, we have written about such campaigns making use of MS Office malware such as malicious macro, CVE-2017-0199, CVE-2017-8759 and DDE-based attack. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability CVE-2017-11882. Let’s take a look at in-depth analysis of one […]

An emerging trend of DDE based Office malware – an analysis by Quick Heal Security Labs

  • Aniruddha Dolas / 8 years
  • 0
  • 3 min read

For the past few years, we have been seeing macro-based attacks through Object Linking Embedding (OLE)/Microsoft Office files. But, presently, attackers are using a different technique to spread malware through Office files – using a new attack vector called ‘Dynamic Data Exchange (DDE)’. DDE is an authorized Microsoft Office feature that provides several methods for transferring data between applications. Once the communication protocol is established, it doesn’t require user interactions to exchange data between applications. The DDE […]

CVE-2017-11826 – Microsoft Office Memory Corruption Vulnerability – an Alert by Quick Heal Security Labs

  • Pradeep Kulkarni / 8 years
  • 0
  • 2 min read

The recent zero-day vulnerability in Microsoft Office vulnerability CVE-2017-11826 enables attackers to perform a Remote Code Execution on targeted machines. According to a recently published blog post, this vulnerability is being exploited in the wild. Microsoft has released a security update on October 10, 2017, to fix this issue. Vulnerable versions The following versions of […]

CVE-2017-9805 | Apache Struts 2 Remote Code Execution Vulnerability – An analysis by Quick Heal Security Labs

  • Pradeep Kulkarni / 8 years
  • 0
  • 2 min read

A critical remote code execution vulnerability has been discovered in the popular web application framework Apache Struts, which allows attackers to execute an arbitrary code. To address this issue, Apache Struts has issued a security advisory and CVE-2017-9805 has been assigned to it. The attacker may use this vulnerability to target organizations across the globe. […]

CVE-2017-0199 – Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API

  • Pradeep Kulkarni / 9 years
  • 0
  • 2 min read

The newly discovered zero-day vulnerability (CVE-2017-0199) in Microsoft Office/WordPad is being actively exploited in the wild. Almost all Microsoft Office versions are affected with this bug. To fix this vulnerability, Microsoft released a security update on April 11, 2017. Vulnerable Versions According to Microsoft, the following are the affected products (past support life cycle products […]

Cosmos Bank website compromised with RIG Exploit Kit which drops Cerber Ransomware

  • Pradeep Kulkarni / 9 years
  • 3
  • 4 min read

Update: The incident has been taken care of by Cosmos Bank and its website (URL) is now clean and safe to use. Compromising popular websites has become a common strategy for attackers to spread infection in a widespread fashion. Attackers exploit unpatched vulnerabilities present on web servers in order to compromise websites. In addition to this, […]

CVE-2017-5638 – Apache Struts 2 Remote Code Execution Vulnerability

  • Pradeep Kulkarni / 9 years
  • 0
  • 2 min read

The well-known open source web application framework Apache Struts 2 is being actively exploited in the wild allowing hackers to launch a remote code execution attack.  To address this issue, Apache has issued a security advisory and CVE-2017-5638 has been assigned to it. The zero-day bug has been rated with the highest severity rating ‘High’. […]