Thanatos Ransomware – an analysis by Quick Heal Security Labs

Credit to Author: Shriram Munde| Date: Thu, 22 Feb 2018 09:04:02 +0000

Quick Heal Security Labs has come across a new ransomware that uses AES encryption and demands 0.01 Bitcoin as ransom after encrypting the victim’s files. It’s known as Thanatos Ransomware. Thanatos is a type of Trojan malware that spreads through malicious advertisements, phishing sites, spam emails, freeware and…


New Saturn Ransomware offers ransomware-as-a-service

Credit to Author: Shriram Munde| Date: Mon, 19 Feb 2018 17:05:19 +0000

Quick Heal Security Labs has come across a new ransomware called ‘Saturn’ currently doing the rounds which, upon encryption, appends the “.Saturn” extension to the encrypted files. Behaviour of Saturn Ransomware: Upon arrival on the host machine, Saturn ransomware checks whether it is a virtual environment or has any debuggers….


INFOGRAPHIC: Quick Heal Annual Threat Report 2018 | Key Findings

Credit to Author: Rajib Singha| Date: Mon, 19 Feb 2018 12:46:37 +0000

The Quick Heal Annual Threat Report 2018 is up and it puts together information that concerns individuals and business owners alike. It gives an insight into how the cybersecurity landscape shaped up in 2017 and how it is going to be in 2018. This infographic presents a quick overview of…


A massive security flaw discovered in Skype. Fix not coming anytime soon.

Credit to Author: Shriram Munde| Date: Wed, 14 Feb 2018 09:10:30 +0000

Quick Heal Security Labs has recently learned about a serious vulnerability in Skype’s update installer – that’s the bad news. The worse news is, Microsoft is not going to patch the vulnerability anytime soon as this would require the updater to go through a ‘large code revision’. What is this…


Vulnerabilities found in Broadcom Wi-Fi adapter of Lenovo laptop chipsets

Credit to Author: Shriram Munde| Date: Tue, 13 Feb 2018 12:07:22 +0000

Lenovo recently released an advisory, warning customers about two critical Broadcom vulnerabilities which impact 25 models of its popular ThinkPad lineup. The Broadcom Wi-Fi chipsets used by Lenovo ThinkPad devices are affected by the CVE-2017-11120 & CVE-2017-11121 vulnerabilities. Both these issues…


The Runner: a key component of the SamSam ransomware campaign – An analysis by Quick Heal Security Labs

Credit to Author: Amar Patil| Date: Thu, 08 Feb 2018 06:53:36 +0000

In Jan 2018, Greenfield, Indiana-based Hancock Health (healthcare network) was attacked by SamSam ransomware. It encrypted the files containing patients’ data which disrupted their critical services. Even though SamSam is not a new ransomware, it has evolved over a period of time. We had observed its first variant in Feb…


The Runner: a key component of the SamSam ransomware campaign

Credit to Author: Amar Patil| Date: Thu, 08 Feb 2018 06:53:36 +0000

In Jan 2018, Greenfield, Indiana-based Hancock Health (healthcare network) was attacked by SamSam ransomware. It encrypted the files containing patients’ data which disrupted their critical services. Even though SamSam is not a new ransomware, it has evolved over a period of time. We had observed its first variant in Feb…


An analysis of an MS office document exploiting a zero-day flash player vulnerability (CVE-2018-4878)

Credit to Author: Quick Heal Security Labs| Date: Wed, 07 Feb 2018 13:59:42 +0000

Important update! Adobe Systems released a critical security update on 6.02.2017 to fix the vulnerability discussed in this post. We recommend you to apply the update immediately. Summary of the vulnerability CVE-2018-4878 is a use-after-free vulnerability present in Adobe Flash Player 28.0.0.137 and its earlier versions are being exploited in…


How to detect and remove the bitcoin miner malware

Credit to Author: Quick Heal Security Labs| Date: Tue, 06 Feb 2018 08:18:46 +0000

This article aims to help you detect and remove the newly emerged fileless bitcoin miner malware and protect your computer. Bitcoin is a digital cash system. The difference between using bitcoin and using regular money is that bitcoins can be used without having to link any sort of real-world identity…


Malspam campaigns exploiting recent MS Office vulnerability ‘CVE-2017-11882’ – An Analysis by Quick Heal Security Labs

Credit to Author: Aniruddha Dolas| Date: Mon, 05 Feb 2018 10:12:34 +0000

No wonder malspam campaigns are a major medium to spread malware. Previously, we have written about such campaigns making use of MS Office malware such as malicious macros, CVE-2017-0199, CVE-2017-8759 and DDE-based attacks. Recently, we have started observing various malspam campaigns exploiting the latest MS Office vulnerability CVE-2017-11882. Let’s take a look…
