Blog

Hacker

Chinese, Russian hackers counting on Apache Struts vulnerabilities – a report by Quick Heal Security Labs

 March 7, 2018

Estimated reading time: 4 minutes

Apache Struts is an open-source CMS based on MVC framework for developing Java EE Web Applications. Apache Struts has been widely used by many Fortune 100 companies and government agencies over the years for developing web applications. But, websites built using a CMS constantly need to upgrade the CMS versions in their web application servers, because vulnerabilities...

A massive security flaw discovered in Skype. Fix not coming anytime soon.

  • 18
    Shares
 February 14, 2018

Estimated reading time: 2 minutes

Quick Heal Security Labs has recently learned about a serious vulnerability in Skype’s update installer – that’s the bad news. The worse news is, Microsoft is not going to patch the vulnerability anytime soon as this would require the updater to go through a ‘large code revision’. What is this...

Scam Alert! Beware of online surveys promising free iPhone X

  • 34
    Shares
 January 16, 2018

Estimated reading time: 3 minutes

Ever came across an online survey that promised you a handsome prize? I did. And here’s what happened. While I was going about my daily work on the Internet, I came across the below page.   As you can see, I received a congratulatory message for being a loyal Google...

5 things you must know about the Uber data breach if you are worried about it

  • 1
    Share
 November 23, 2017
Uber_data_breach

Estimated reading time: 3 minutes

For any business, suffering a data breach is bad. But, not informing its customers about the breach is downright worse. And Uber, a global transportation app company, has made itself into a glaring example of the above statement. Last Tuesday (21.11.2017), Uber Technologies revealed that hackers were able to compromise...

CVE-2017-11826 – Microsoft Office Memory Corruption Vulnerability – an Alert by Quick Heal Security Labs

 October 13, 2017

Estimated reading time: 2 minutes

The recent zero-day vulnerability in Microsoft Office vulnerability CVE-2017-11826 enables attackers to perform a Remote Code Execution on targeted machines. According to a recently published blog post, this vulnerability is being exploited in the wild. Microsoft has released a security update on October 10, 2017, to fix this issue. Vulnerable...

6 deadly dangers of using unsecured Wi-Fi

  • 7
    Shares
 September 26, 2017

Estimated reading time: 2 minutes

They say, good things come for free, but not all of them. This post quickly takes you through the dangers of using unsecured Wi-Fi and some safety tips should you access such networks. From coffee shops to public libraries, and airports to restaurants, most public places now offer Wi-Fi for...

Card skimming alert! Man loses Rs. 87,000 after swiping his debit card at Pune-Mumbai toll plaza

  • 209
    Shares
 September 14, 2017
ATM card skimming

Estimated reading time: 2 minutes

This post is based on a story that featured on mid-day.com. On September 9, 2017, a sales account manager from Pune lost Rs. 87,000/- from his bank account 2 hours after he paid a toll tax at the Khalapur toll plaza. According to the report, he had used his debit...

CVE-2017-9805 | Apache Struts 2 Remote Code Execution Vulnerability – An analysis by Quick Heal Security Labs

  • 2
    Shares
 September 7, 2017

Estimated reading time: 2 minutes

A critical remote code execution vulnerability has been discovered in the popular web application framework Apache Struts, which allows attackers to execute an arbitrary code. To address this issue, Apache Struts has issued a security advisory and CVE-2017-9805 has been assigned to it. The attacker may use this vulnerability to...

Petya ransomware is affecting users globally, here are things you can do

  • 1
    Share
 June 28, 2017
Petya_ransomware_quick_heal

Estimated reading time: 2 minutes

Quick Heal Security Labs has come across a new strain of Petya Ransomware that is affecting users globally. This clearly looks like early signs of a new ransomware attack that is spreading fast across the globe. Currently, we have seen multiple reports of this ransomware attack from several countries. Our...

Beware! The TrickBot Trojan is back

  • 31
    Shares
 June 16, 2017

Estimated reading time: 3 minutes

TrickBot Trojan was first identified in mid-2016 and considered similar to the Dyreza banking Trojan. Initially, the payload (the component of a computer virus that executes a malicious activity) was spreading through a malvertising campaign using the Rig Exploit Kit. From our current findings, we have found that TrickBot has...