Gridinsoft Security Lab

Exim Internet Mailer, a program massively used as a basis for mailing servers, appears to have a remote code execution vulnerability. By overflowing the buffer, hackers can make the program execute whatever code they need. Despite several reports to the developer, the patch is still not available.ContentsWhat is Exim?Exim Buffer Overflow Vulnerability Allows RCEHow to […]

Cybercriminals who stand behind RedLine and Vidar stealers decided to diversify their activity. Now, crooks deploy ransomware, using the same spreading techniques as they used to deliver their spyware. Meanwhile, the process of ransomware enrollment is rather unusual and is full of advanced evasion techniques.ContentsWhat are Redline and Vidar Stealers?RedLine and Vidar Ransomware DeliveryRedLine Uses […]

As a part of the GridinSoft team, I am proud to announce the public release of our own online virus scanner service! Now, you can scan the file and see all the information about it for free, by using GridinSoft Online Virus Checker. Let’s check out its key features and find out why it is […]

In the ever-evolving landscape of cyber threats, crooks continually find new and inventive ways to exploit vulnerabilities and target valuable assets. One such threat that has recently garnered significant attention is “W3LL.” Next, we will tell you what it is, what it is known for, and how it succeeded in its business over 6 years […]

Recent attacks on US military systems and Taiwan companies are distinctive not only by the brave target choosing, but also for the used toolkit. In the case of both targets, attackers used HiatusRAT as an initial access/reconnaissance tool. Aside from being used in these attacks, Hiatus Trojan has other things to boast of.ContentsUS DoD and […]

The flow of information is crucial in today’s world, but it’s also precious to cybercriminals. They target personal data stored on your device through infostealer malware, putting your information at risk. Experts have marked a significant rise in the spread of information-stealing malware, also known as infostealers or stealers. In Q1 2023, the number of […]

FIN8, an infamous group of cybercriminals, has updated its backdoor malware to avoid being detected. They made improvements and prepared to release a new type of crimeware called Noberus. This threat actor has returned after inactivity, using a modified version of their Sardonic backdoor to distribute the Noberus ransomware. This is a part of their […]

On July 11, 2023, Microsoft published an article about addressing the CVE-2023-36884 vulnerability. This breach allowed for remote code execution in Office and Windows HTML. Microsoft has acknowledged a targeted attack that exploits a vulnerability using specifically designed Microsoft Office documents. The attacker can gain control of a victim’s computer by creating a malicious Office […]

Wise Remote Stealer is a potent and malicious software that operates as an infostealer, Remote Access Trojan (RAT), DDoS bot, and ransomware. It has gained notoriety within the cybersecurity community due to its extensive range of capabilities and the threat it poses to individuals and organizations.ContentsUnveiling the Wise Remote StealerThe Stealthy Proliferation of Wise Remote […]

Today, in the constantly changing world of cyber threats, attackers always look for new ways to get more benefits with less effort. Recently, researchers found an example of this and called it proxyjacking for profit.ContentsWhat is proxyjacking?Diving into details1. Penetration2. Deploying3. File analysis4. Eliminating competitorsDistribution serverWhy do they do it?How to avoid proxyjacking? What is […]

Over the past few months, researchers have been monitoring the activity of a Chinese threat actor using PlugX malware to target foreign and domestic policy entities and embassies in Europe. This is a more significant trend among Chinese-based groups increasingly focusing on European entities, particularly their foreign policy. The countries most targeted in this campaign […]

Researchers have discovered a new form of malware called RedEnergy Stealer. It is categorized as Stealer-as-a-Ransomware but is not affiliated with the Australian company Red Energy.ContentsWhat is RedEnergy Malware?Threat SummaryHow does RedEnergy Malware work?How to avoid installation of RedEnergy Malware? A malware called RedEnergy stealer uses a sneaky tactic to steal sensitive data from different […]