Credit to Author: Jayesh kulkarni| Date: Wed, 05 Feb 2020 06:17:49 +0000
It’s surprising to see how quickly attackers make use of new vulnerabilities in malware campaigns. Microsoft recently patched a very interesting vulnerability in their monthly Patch Tuesday update for January 2020. It’s a spoofing vulnerability in Windows CryptoAPI (Crypt32.dll) validation mechanism for Elliptic Curve Cryptography (ECC) certificates. An attacker could…
Read moreCredit to Author: Anant Pulgam| Date: Mon, 03 Feb 2020 09:17:12 +0000
Phishing email still remains one of the top malware propagation medium. Recently, we came across an interesting phishing email containing couple of Jumpshare links pointing to malicious components. Jumpshare is an online file sharing service and often cyber criminals abuse these kind of file sharing services. Upon clicking on one of the links in…
Read moreCredit to Author: Prakash Galande| Date: Fri, 24 Jan 2020 11:04:10 +0000
From past few months at Quick-Heal Labs, we have been observing a sudden rise in Spear Phishing mail containing distinct file formats as attachment like IMG, ISO, etc. These new types of attachments are mainly used to deploy some well-known and older Remote Access Trojans. The subject of these emails…
Read moreCredit to Author: Shriram Munde| Date: Fri, 24 Jan 2020 11:00:51 +0000
Ako Ransomware targeting businesses using RaaS Quick Heal security researchers recently observed ransomware that uses RaaS (Ransomware as a Service) which is a subpart of MaaS (Malware as a Service). Before delving into the AKO ransomware or RaaS, one must understand what Malware as a Service means, as it is…
Read moreCredit to Author: Ravi Gidwani| Date: Wed, 22 Jan 2020 11:12:25 +0000
Recently while threat hunting, Quick Heal Security Labs came across an unusual Node.js framework based Nodera ransomware. The use of Node.js framework is not seen commonly across malware families. Latest development by threat actors reveal a nasty and one-of-its-kind ransomware being created; one that uses Node.js framework, which enables it to infect Windows…
Read moreCredit to Author: Sushmita Kalashikar| Date: Wed, 22 Jan 2020 05:37:49 +0000
14 Jan 2020 marked a huge day for Windows, as Microsoft ended support for Windows 7, the operating system that had been touching lives for nearly 11 years. Introduced almost a decade back, Windows 7 was designed basically to fix the failures that came with Windows Vista. The popularity of…
Read moreCredit to Author: Sushmita Kalashikar| Date: Wed, 22 Jan 2020 05:37:49 +0000
14 Jan 2020 marked a huge day for Windows, as Microsoft ended support for Windows 7, the operating system that had been touching lives for nearly 11 years. Introduced almost a decade back, Windows 7 was designed basically to fix the failures that came with Windows Vista. The popularity of…
Read moreCredit to Author: Jayesh kulkarni| Date: Wed, 15 Jan 2020 14:13:09 +0000
With almost 200 extensions, STOP (djvu) ransomware can be said to be 2019’s most active and widespread ransomware. Although this ransomware was active a year before, it started its campaign aggressively in early 2019. To evade detection, it has been continuously changing its extensions and payloads. For earlier infections, data…
Read more