Blog

CVE

An in-depth analysis of a new, emerging “.url” malware campaign – by Quick Heal Security Labs

  • 2
    Shares
 March 19, 2018

Estimated reading time: 5 minutes

Last week, we had blogged about the emergence of a new attack vector ‘.url’ which is used to spread malware. In this blog post, we will deep-dive into the attack chain of this ‘.url’ vector and elaborate on the Quant Loader malware which is actively making use of it. Let’s...

Chinese, Russian hackers counting on Apache Struts vulnerabilities – a report by Quick Heal Security Labs

 March 7, 2018

Estimated reading time: 4 minutes

Apache Struts is an open-source CMS based on MVC framework for developing Java EE Web Applications. Apache Struts has been widely used by many Fortune 100 companies and government agencies over the years for developing web applications. But, websites built using a CMS constantly need to upgrade the CMS versions in their web application servers, because vulnerabilities...

CVE-2017-9805 | Apache Struts 2 Remote Code Execution Vulnerability – An analysis by Quick Heal Security Labs

  • 2
    Shares
 September 7, 2017

Estimated reading time: 2 minutes

A critical remote code execution vulnerability has been discovered in the popular web application framework Apache Struts, which allows attackers to execute an arbitrary code. To address this issue, Apache Struts has issued a security advisory and CVE-2017-9805 has been assigned to it. The attacker may use this vulnerability to...

CVE-2017-5638 – Apache Struts 2 Remote Code Execution Vulnerability

  • 2
    Shares
 March 14, 2017

Estimated reading time: 2 minutes

The well-known open source web application framework Apache Struts 2 is being actively exploited in the wild allowing hackers to launch a remote code execution attack.  To address this issue, Apache has issued a security advisory and CVE-2017-5638 has been assigned to it. The zero-day bug has been rated with...

New Common Vulnerabilities and Exposure (CVE) in Spammer’s toolkit

  • 26
    Shares
 June 3, 2016

Estimated reading time: 1 minute

The Quick Heal Malware Intelligence Reporting System has made a recent observation about a CVE (Common Vulnerabilities and Exposures) known as CVE-2015-2545 being actively used in an online spam campaign. The campaign begins with targeted users receiving a spam email with an attached malicious document. Below are some common attachment...