Knowledgebase

Fontdrvhost.exe file – is it safe and legit?

Several days ago, a Reddit user nicknamed u/14022I posted about Fontdrvhost.exe. It seems they suspected a problem with this particular file on their computer. The question was why it uses so much CPU and memory. The user thought it could be malicious. They might be right or they might be wrong. We'll explain. Can someone tell me why "Usermode …

VulkanRT. What should I do with Vulkan Runtime Libraries?

VulkanRT is a strange folder you may notice on the system partition of your PC, as well as in the list of installed apps. Some people think that it is malicious, but, in fact, you have nothing to worry about. VulkanRT, or Vulkan Runtime Libraries, is a legitimate graphics API that is only beginning to gain popularity. Being designed …

What is a Chrome virus?

Chrome virus is a collective name for various kinds of potentially unwanted programs that mainly target classic Google Chrome browsers. They deliver constant intrusive pop-up ads and fake alerts and redirect users to various suspicious sites. They do so by hijacking your browser, sometimes making it practically unusable. Not only do the malicious programs interfere with …

What is an anti-virus scanner?

An antivirus scanner, or virus scanner, comes as part of an anti-virus software package. Its function is to scan a hard drive for viruses and other similar items. You can run scans manually, or the process can be automated. Such programs can work on different operating systems. The first computer viruses appeared in the 1980s and near that time what can …

Malware vs Virus – what is the difference?

Cybersecurity is a pretty complicated science. The complication comes not only from the fact that everything revolves around PCs: a lot of people also struggle with definitions. Let’s check out two basic and most controversial definitions – malware and virus. People who know something, or even a lot, about cybersecurity, will likely think that there …

What is trojan horse malware and how to remove it?

Trojan horse malware is not an easy thing to detect and remove. To get rid of it, and avoid the appearance of this tricky malware in the future, you must know your enemy’s face. And, of course, have a trojan remover for Windows. The legend says that during the siege of Troy, Greeks failed to capture the city in a …

BlackMatter ransomware victims get free decryption key

First detected in July 2021, BlackMatter is a ransomware-as-a-service (RaaS) tool. It lets the ransomware’s developers profit from their affiliates (i.e., BlackMatter actors) who deploy it against victims. This ransomware group may be a rebrand of DarkSide, a RaaS gang that was operating from September 2020 through May 2021. BlackMatter targeted numerous U.S. organizations and demanded ransom payments …

Fake Squid Game app spreading Joker malware

Joker malware distributors exploit the name of a popular Netflix series. The fake app was found on the Play Store by a Twitter user named ReBenks (who changed his nickname soon after). Later, a malware researcher confirmed that the app is infected with the infamous Joker malware. Google already removed it from its app store but reportedly the app got over 5,000 downloads …

Google fixes four bugs in Chrome Browser

Recently, Chrome Browser users got a new update of the browser. The newest build is numbered 94.0.4606.81 for Windows, macOS and Linux. It will be available for the next few weeks for all Chrome Browser users. The update is one of the means for the company to protect its users from recently discovered bugs in the Chrome …

Discord virus. Programmers are also under attack.

Discord virus is a spam campaign that takes place in Discord – a popular communication platform. Users report dubious messages from strangers, who offer to take part in a generous giveaway, or to use Nitro functions for free. The links in such messages lead to malware downloads. Let’s figure out how this scam is done. Discord virus: how and why …

Dogecoin scam. How does this cryptocurrency fraud work?

The Dogecoin scam is one more example of online fraud that has become enormously popular recently. This method of money theft is always in active use. However, during the last two months swindlers have shown an incredible activity boost. In this post, I will show you the scheme used by the Dogecoin scam, and also explain why that fraud may …

Facebook virus – a modern spam campaign.

Facebook virus is a common name for spam that is nowadays sent en masse through Facebook. These messages contain dubious links, which lead to malware downloads. In this post, you will see the full information about the Facebook virus, and the description of its mechanism. Facebook virus spam messages – what are they? While chatting on Facebook, you may get strange …

Bitcoin miner virus – what is it?

Bitcoin miner virus, also known as trojan-miner, is a type of computer virus that uses your computer to mine cryptocurrencies. This process may lead to unwanted consequences, such as lag spikes, performance degradation, or even component failure. In this article, I will tell you how to detect the malware presence on your PC, and also will help you to remove …

GrandSteal virus – how to delete it effectively?

This article provides instructions for fully removing the GrandSteal virus from your Windows computer. Note that GrandSteal is malware that poses a serious risk to the safety of your personal details. So, removing GrandSteal is a must-do item on today’s agenda. GrandSteal may steal a lot of important information stored on your hard drive. …

Parallax RAT removal instructions.

This guide will provide you with more detailed information about the Parallax RAT. You will get a clear understanding of why Parallax RAT deserves immediate removal. The tutorial also explains what other security programs report about this kind of infection. Parallax is the name of a remote administration tool (abbreviated as RAT). It can be obtained on several …

Vulnerability in Microsoft Authorization System Allows Hacking Accounts

Security researchers from the Israeli company CyberArk discovered a vulnerability in the Microsoft authorization system that allows accounts to be hacked. The vulnerability is located in the Microsoft Azure cloud service. The problem affects certain applications that use the Microsoft OAuth 2.0 authorization protocol, and exploiting it allows creating tokens for entering the system. In this way, attackers can take control of …

Experts have doubts about the effectiveness of the CVE database

Experts have doubts about the effectiveness of the CVE database and have advised researchers not to rely solely on this threat database when scanning for vulnerabilities in the system. As stated in the report of the company Risk Based Security, such an approach will make IT professionals miss almost a third of all vulnerabilities. “If your organization is currently relying on …

IS specialists published an exploit for the RCE problem in Apache Solr

This summer, an information security researcher known as jnyryan discovered a problem in Apache Solr. Now, security professionals have published an exploit for the RCE problem in Apache Solr. The vulnerability was hidden in the solr.in.sh configuration file, which by default is included in all versions of Solr. So, the default configuration has the ENABLE_REMOTE_JMX_OPTS option enabled, …

Qualcomm chip vulnerabilities endanger millions of Android devices

Check Point experts found that vulnerabilities in the Qualcomm Secure Execution Environment endanger millions of Android devices. The vulnerabilities allow attackers to steal critical data stored in protected parts of the device. Qualcomm Secure Execution Environment (QSEE) is an implementation of the Trusted Execution Environment (TEE) based on ARM TrustZone technology. In fact, it is a hardware-isolated area of the processor …

ZoneAlarm forums hacked due to vBulletin vulnerability

The forums at ZoneAlarm, which is owned by Check Point and whose products are used by over 100 million people, have been hacked because of a vulnerability in vBulletin. As a result, users’ data fell into the hands of attackers. Fortunately, despite the considerable user base of ZoneAlarm, the leak affected the forum hosted on forums.zonealarm.com (currently unavailable because the …

Vulnerability in Libarchive Threatens Many Linux Distributions

In the summer this year, Google experts, using the ClusterFuzz and OSS-Fuzz tools, discovered a dangerous bug in the Libarchive library. This vulnerability in Libarchive threatens many Linux distributions. The vulnerability impacts Libarchive, a library for reading and creating compressed files. It is a powerful all-in-one toolkit for working with archive files that also bundles other Linux/BSD utilities like tar, …

Previously unknown governmental group Avivore attacked Airbus

Researchers at Context Information Security have identified a new cybercriminal group Avivore, which has attacked Airbus several times over the past few months. Attackers carried out cyber attacks on Airbus through the networks of French consulting company Expleo, British engine manufacturer Rolls Royce, and two unnamed Airbus suppliers. Cybercriminals target large multinational and small engineering and consulting firms in supply …

Exim developers fixed a new critical vulnerability

The developers updated Exim to version 4.92.3, fixing a new critical DoS vulnerability, which theoretically allowed an attacker to execute malicious code on the target server. The problem affected all versions of the mail server from 4.92 through the latest version, 4.92.2. The vulnerability is tracked as CVE-2019-16928 and was discovered by QAX-A-TEAM. The problem is with the heap …

GitHub can now assign CVE identifiers to vulnerabilities

This week, representatives of GitHub announced a number of innovations at once, including the fact that GitHub has completed certification as a CVE Numbering Authority, so the company can now independently assign CVE identifiers to vulnerabilities. First, Dependency Graph will add support for PHP projects on Composer. This means that users will be able to receive automatic security warnings for any vulnerabilities …

Vulnerabilities in some D-Link and Comba routers reveal credentials in plain text

Trustwave specialists discovered a number of vulnerabilities in D-Link and Comba Telecom routers. The bugs allow extracting Internet provider data and access passwords from devices without authentication. After examining the D-Link DSL-2875AL router, the researchers found out that it is affected by the same problem that other devices of the manufacturer are vulnerable to: they give access to all router …

Researchers discover second critical vulnerability in Exim servers in two months

A second critical vulnerability has been discovered in the popular Exim mail server software that allows remote code execution and access to a system with superuser privileges. An open source contributor and security researcher with the online nickname Zerons discovered the vulnerability, which was later analyzed by cybersecurity experts at Qualys. A fix for the vulnerability, as well as a detailed …

Another 0-day vulnerability discovered in Android

Participants in the Google project Zero Day Initiative (ZDI) published details of a 0-day vulnerability that could allow local privilege escalation in Android. According to the description in the ZDI blog, a dangerous vulnerability is present in the v4l2 driver (Video4Linux 2), which provides audio and video capture for the Linux family of operating systems. As it turned …
