CVE-2020-1967 – Segmentation fault in OpenSSL

Overview: OpenSSL is a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. It is also a general-purpose cryptography library. It is a software library for applications that secure communications over computer networks against eavesdropping or need to identify the party at the other end. It is …

Multiple Qakbot (Qbot) waves detected in April 2020

Since last month there has been a significant resurgence in Qbot. Different Qbot waves were reported, such as the “feature”, “extend”, “string” and “one-drive” waves. Several bot_groups, spx85 to spx103, were found active in this Qakbot resurgence. In this post we will go through a detailed analysis of one Qbot wave, the “feature” wave from bot_group spx98. What is …

Patch your vCenter server for CVSS 10.0 rated vulnerability – CVE-2020-3952

This report covers the vulnerability found in VMware vCenter software and tracked as CVE-2020-3952. The vulnerability is caused by improper access controls affecting the VMware Directory Service. The affected version is vCenter 6.7, and a patch is available for this flaw. What is vCenter server? vCenter Server is an …

Threat/APT groups leveraging COVID-19, novel coronavirus epidemic situation to spread malware.

Across the globe, several cyber attacks associated with COVID-19 were reported in the past month. Many threat groups have been taking advantage of this epidemic situation to send malspam, tricking users into clicking embedded links or opening documents that drop malware on their devices. Name the malware – trickbot, …

GhostCat: Vulnerability In Apache Tomcat Servers

CVE-2020-1938: 0-Day Vulnerability Discovered In Apache Tomcat. Before It's Too Late, Upgrade Your Servers ASAP. What Is GhostCat / CVE-2020-1938? It is a vulnerability in Apache Tomcat servers disclosed recently by the Chinese company Chaitin Tech. All technical details are being tracked under CVE ID CVE-2020-1938. An attacker can read or include any files in the …

New Iranian Data Wiper Malware “ZeroCleare” Targeting Energy Sector

IBM X-Force security researchers discovered a new destructive data wiper malware and named it ZeroCleare, based on the program database pathname of its binary file. What is ZeroCleare? ZeroCleare is a destructive data-wiping malware targeting companies in the oil, gas and energy sectors in the Middle East and some parts of Europe. It is a …

Magecart campaign - card stealer, online shopping no longer secure

Card skimming threat to e-commerce platforms: According to RiskIQ, Magecart has been attacking online companies since 2016. Its modus operandi is to insert malicious code in the websites of these companies in order to steal their customers’ data when they make a purchase. This technique is called digital skimming. RiskIQ has identified so far, at …

Lnkr Adware: Malicious browser extension campaign

If you are using browser extensions, beware: Lnkr browser extensions are rapidly spreading across the internet. What are browser extensions? Extensions are small software programs that customize the browsing experience. They enable users to tailor browser functionality and behavior to individual needs or preferences. They are built on web technologies such as HTML, JavaScript, …

“MegaCortex” Ransomware in action - A May Day gift no one wanted

The sudden presence of the all-new MegaCortex ransomware on various enterprise networks was nothing less than a May Day surprise for the infotech world. A new ransomware named MegaCortex was noticed last Wednesday, when a serious spike was seen against multiple Sophos clients around the globe. According to the Sophos lab investigation, the attack was delivered …
