Blog

Security patch

CVE-2018-8174: Windows VBScript Engine Remote Code Execution Vulnerability – An advisory by Quick Heal Security Labs

 May 10, 2018

Estimated reading time: 1 minute

The recent zero-day vulnerability in Windows VBScript Engine (CVE-2018-8174), enables attackers to perform a remote code execution on targeted machines. Microsoft has released a security advisory CVE-2018-8174 on May 8, 2018, to address this issue. According to Microsoft, it impacts most of the Windows Operating Systems. Vulnerable versions Windows 7 x86 and x64 versions Windows...

An analysis of the Dharma ransomware outbreak by Quick Heal Security Labs

  • 25
    Shares
 May 2, 2018

Estimated reading time: 7 minutes

On April 25, 2018, Quick Heal Security Labs issued an advisory on a new ransomware outbreak. We are observing a sudden spike of Dharma Ransomware. Even though Dharma ransomware is old, we observed its new variant which is encrypting files and appending the “.arrow” extension to it. Previously the encrypted...

How important are security patches and updates

  • 73
    Shares
 April 23, 2018

Estimated reading time: 3 minutes

Security vulnerabilities are increasing and just not so long before, we had to deal with so many of them. Remember WannaCry? In this post, we will discuss some important case in points with respect to security vulnerabilities and how important are security patches and updates. The WannaCry scare The biggest...

Chinese, Russian hackers counting on Apache Struts vulnerabilities – a report by Quick Heal Security Labs

 March 7, 2018

Estimated reading time: 4 minutes

Apache Struts is an open-source CMS based on MVC framework for developing Java EE Web Applications. Apache Struts has been widely used by many Fortune 100 companies and government agencies over the years for developing web applications. But, websites built using a CMS constantly need to upgrade the CMS versions in their web application servers, because vulnerabilities...

A massive security flaw discovered in Skype. Fix not coming anytime soon.

  • 18
    Shares
 February 14, 2018

Estimated reading time: 2 minutes

Quick Heal Security Labs has recently learned about a serious vulnerability in Skype’s update installer – that’s the bad news. The worse news is, Microsoft is not going to patch the vulnerability anytime soon as this would require the updater to go through a ‘large code revision’. What is this...

Vulnerabilities found in Broadcom Wi-Fi adapter of Lenovo laptop chipsets

  • 32
    Shares
 February 13, 2018

Estimated reading time: 2 minutes

Lenovo recently released an advisory, warning customers about two critical Broadcom vulnerabilities which impact 25 models of its popular ThinkPad lineup. The Broadcom Wi-Fi chipsets used by Lenovo ThinkPad devices are affected by the CVE-2017-11120 & CVE-2017-11121 vulnerabilities. Both these issues are rated as “critical” and received a CVSS 10 score...

What do we need to know about the CPU vulnerabilities Meltdown and Spectre?

  • 5
    Shares
 January 4, 2018

Estimated reading time: 2 minutes

What exactly is a vulnerability? A security vulnerability (also known as a security hole) is a security flaw detected in a product that may leave it open to hackers and malware. Using such vulnerabilities, attackers can exploit the affected system/product for their profit in various ways. What is an exploit? Exploits...

You won’t believe what this ransomware demands

  • 63
    Shares
 September 25, 2017

Estimated reading time: 2 minutes

When we talk about motives behind any cyberattack, it is mostly money; a case in point is the ransomware – it locks your PC or encrypts your data and demands a ransom (in Bitcoins) to let go off the computer or decrypt the data. So basically, money is the main...

CVE-2017-8759 | .NET Framework Remote Code Execution Vulnerability – An analysis by Quick Heal Security Labs

  • 4
    Shares
 September 14, 2017

Estimated reading time: 2 minutes

The recent zero-day vulnerability in .NET Framework vulnerability CVE-2017-8759 enables attackers to perform a Remote Code Execution on the targeted machine. This vulnerability is found to be exploited in the wild through email spam messages loaded with malicious RTF files as an attachment. Microsoft has released a security update on...

WannaCry Ransomware Recap: Some important facts you need to know

  • 82
    Shares
 May 24, 2017

Estimated reading time: 3 minutes

Ransomware is a malware that locks your computer making it inaccessible or it encrypts your data. It then demands you to pay a ransom for unlocking the computer or decrypting the data. This post talks about the file encrypting ransomware called WannaCry – the biggest ransomware attack in history! 1....