Vulnerability

Malspam campaigns exploiting recent MS Office vulnerability ‘CVE-2017-11882’ – An Analysis by Quick Heal Security Labs

 February 5, 2018

Estimated reading time: 4 minutes

It is no wonder that malspam campaigns are a major medium for spreading malware. Previously, we wrote about such campaigns making use of MS Office malware such as malicious macros, CVE-2017-0199, CVE-2017-8759 and DDE-based attacks. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability, CVE-2017-11882. Let’s take a look...

An emerging trend of DDE based Office malware – an analysis by Quick Heal Security Labs

 December 6, 2017

Estimated reading time: 3 minutes

For the past few years, we have been seeing macro-based attacks through Object Linking and Embedding (OLE)/Microsoft Office files. Now, however, attackers are using a different technique to spread malware through Office files: a new attack vector called ‘Dynamic Data Exchange (DDE)’. DDE is an authorized Microsoft Office feature that provides several methods for transferring data between applications. Once the communication protocol is established, it doesn’t require user interactions...

CVE-2017-11826 – Microsoft Office Memory Corruption Vulnerability – an Alert by Quick Heal Security Labs

 October 13, 2017

Estimated reading time: 2 minutes

The recent zero-day vulnerability in Microsoft Office, CVE-2017-11826, enables attackers to perform remote code execution on targeted machines. According to a recently published blog post, this vulnerability is being exploited in the wild. Microsoft released a security update on October 10, 2017, to fix this issue. Vulnerable...

CVE-2017-9805 | Apache Struts 2 Remote Code Execution Vulnerability – An analysis by Quick Heal Security Labs

 September 7, 2017

Estimated reading time: 2 minutes

A critical remote code execution vulnerability has been discovered in the popular web application framework Apache Struts, which allows attackers to execute arbitrary code. To address this issue, Apache Struts has issued a security advisory and CVE-2017-9805 has been assigned to it. The attacker may use this vulnerability to...

CVE-2017-0199 – Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API

 April 14, 2017

Estimated reading time: 2 minutes

The newly discovered zero-day vulnerability (CVE-2017-0199) in Microsoft Office/WordPad is being actively exploited in the wild. Almost all Microsoft Office versions are affected by this bug. To fix this vulnerability, Microsoft released a security update on April 11, 2017. Vulnerable Versions: According to Microsoft, the following are the affected products...

Cosmos Bank website compromised with RIG Exploit Kit which drops Cerber Ransomware

 March 23, 2017

Estimated reading time: 3 minutes

Update: The incident has been taken care of by Cosmos Bank and its website (URL) is now clean and safe to use. Compromising popular websites has become a common strategy for attackers to spread infection in a widespread fashion. Attackers exploit unpatched vulnerabilities present on web servers in order to compromise...

CVE-2017-5638 – Apache Struts 2 Remote Code Execution Vulnerability

 March 14, 2017

Estimated reading time: 2 minutes

The well-known open source web application framework Apache Struts 2 is being actively exploited in the wild, allowing hackers to launch a remote code execution attack. To address this issue, Apache has issued a security advisory and CVE-2017-5638 has been assigned to it. The zero-day bug has been rated with...

The Remote Desktop Protocol Vulnerability – ‘CVE-2012-0002’ is not dead yet!

 December 13, 2016

Estimated reading time: 2 minutes

On March 13, 2012, Microsoft disclosed the details of a ‘critical vulnerability’ called Remote Desktop Protocol Vulnerability – CVE-2012-0002 in its bulletin. And even four years after this vulnerability was patched, it is still being exploited in the wild by attackers to carry out ‘Remote Code Execution’ on their victims...

New Common Vulnerabilities and Exposure (CVE) in Spammer’s toolkit

 June 3, 2016

Estimated reading time: 1 minute

The Quick Heal Malware Intelligence Reporting System has made a recent observation about a CVE (Common Vulnerabilities and Exposures) known as CVE-2015-2545 being actively used in an online spam campaign. The campaign begins with targeted users receiving a spam email with an attached malicious document. Below are some common attachment...

Security Vulnerabilities for Android and iOS Hit An All-time High in 2015

 December 4, 2015

Estimated reading time: 4 minutes

Quick Heal hopes it has been a good year for you. But, has it been a good year for your mobile devices as well? It has been an alarming year for both Android and iOS users. If Android users were vulnerable to Stagefright attacks, iOS users had their own share...