Estimated reading time: 10 minutes
Operation HollowQuill: Malware delivered into Russian R&D Networks via Research Decoy PDFs. Contents Introduction Key Targets Industries Affected Geographical Focus Infection Chain Initial Findings Looking into the decoy-document Technical Analysis Stage 1 – Malicious RAR File Stage 2 –...
Estimated reading time: 6 minutes
The Rising Threat of QR Code-Driven Phishing Schemes A new kind of cyberattack has emerged in recent years as a result of QR codes’ popularity as a quick and easy way to share information. Businesses are increasingly at risk...
Estimated reading time: 11 minutes
Operation Cobalt Whisper: Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan. Contents Introduction Key Targets. Industries Affected. Geographical Focus. Initial Findings. Looking into the decoy-document – I Looking into the decoy-document – II Infection Chain. Technical Analysis...
Estimated reading time: 3 minutes
Our previous blog explored an XSS vulnerability within the Bookly plugin (WordPress Online Booking and Scheduling Plugin – Bookly). Today, we will delve into another XSS vulnerability that came to light during our research on the same plugin. Our...
Estimated reading time: 3 minutes
The world of healthcare is rapidly changing. Technological advancements expose organizations to cyber risks, including ransomware, malware, breaches, viruses, and vulnerabilities. The combination of poor cybersecurity practices, digital transformation in care delivery, operational touchpoints, and sensitive data storage makes...
Estimated reading time: 5 minutes
On May 30, 2022, CVE-2022-30190 “FOLLINA,” a zero-day remote code execution vulnerability discovered in Microsoft Windows Support Diagnostic Tool (MSDT) with high severity (CVSS:9.3). This MSDT tool diagnoses issues with applications such as Microsoft Office documents. Initial attack vector...
Estimated reading time: 2 minutes
A Zero-day Remote Code Execution Vulnerability with high severity has been identified as CVE-2022-30190 “FOLLINA” in Microsoft Windows Support Diagnostic Tool (MSDT). MSDT is a tool present on Windows version 7 and above and is used for the diagnosis...
Estimated reading time: 2 minutes
A Zero-day Remote Code Execution Vulnerability with critical severity has been identified as CVE-2022-22965 aka Spring4Shell or SpringShell in Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19 & older. The Spring Framework is an open-source, popular, feature-rich application...
Estimated reading time: 2 minutes
We all are aware of the ongoing conflict between Russia and Ukraine. As the physical war takes place on the ground, it also gives rise to cyberattacks against Russia and Ukraine. We are seeing an increase in malicious cyber...
Estimated reading time: 4 minutes
If you’ve been following the news recently, you’ll undoubtedly have read about cybersecurity incidents impacting corporations of all sizes in all industries around the world. While it doesn’t often make the news, even small- and medium-sized businesses (SMBs) have...