Security

Fontdrvhost.exe file – is it safe and legit?

Several days ago a Reddit user nicknamed u/14022I posted about Fontdrvhost.exe. It seems they suspected some problems with this particular file on their computer. The question was why it uses so much CPU and memory. The user thought it could be malicious. They might be right or they might be wrong. We'll explain. Can someone tell me why "Usermode …

VulkanRT. What have I do with Vulkan Runtime Libraries?

VulkanRT is a strange folder you can see in the system partition of your PC, as well as in the list of installed apps. Some people think that it is malicious, but, in fact, you have nothing to worry about. VulkanRT, or Vulkan Runtime Libraries, is a legitimate graphics API that is at the beginning of its popularity. Being designed …

What is a Chrome virus?

Chrome virus is a collective name for various kinds of potentially unwanted programs that mainly target classic Google Chrome browsers. They deliver constant intrusive pop-up ads and fake alerts, and redirect users to various suspicious sites. They do so by hijacking your browser, sometimes making it practically unusable. Not only the malicious programs interfere with …

What is an anti-virus scanner?

An antivirus scanner, or virus scanner, comes as part of an anti-virus software package. Its function is to scan a hard drive for viruses and other similar items. You can run scans manually, or the process can be automated. Such programs can work on different operating systems. The first computer viruses appeared in the 1980s and near that time what can …

Discord virus. Programmers are also under attack.

Discord virus is a spamming campaign which takes place in Discord – a popular communication platform. Users report dubious messages from strangers, who offer to take part in a generous giveaway, or to use Nitro functions for free. The links in such messages lead to malware downloads. Let’s figure out how this scam is done. Discord virus: how and why …

Bitcoin miner virus – what is it?

Bitcoin miner virus, also known as trojan-miner, is a type of computer virus that uses your computer to mine cryptocurrencies. This process may lead to unwanted consequences, such as lag spikes, performance degradation, or even component failure. In this article, I will tell you how to detect the malware's presence on your PC, and will also help you to remove …

GrandSteal virus – how to delete effectively?

This article provides instructions for fully removing the GrandSteal virus from your Windows computer. Note that GrandSteal is malware that poses a significant risk to the safety of your personal details. So, removing GrandSteal is a must-do item on today’s agenda. GrandSteal may steal a lot of important information available on your hard drive. …

Parallax RAT removal instructions.

This guide will provide you with more detailed information about the Parallax RAT. You will get a clear understanding of why Parallax RAT deserves immediate removal. The tutorial also explains what other security programs report about this kind of infection. Parallax is the name of a remote administration tool (abbreviated as RAT). It can be obtained on several …

Vulnerability in Microsoft Authorization System Allows Hacking Accounts

Security researchers from the Israeli company CyberArk discovered a vulnerability in the Microsoft authorization system, which allows hacking accounts. This vulnerability is located in the Microsoft Azure cloud service. The problem affects certain applications that use the Microsoft OAuth 2.0 authorization protocol, and exploiting it allows creating tokens for entering the system. In this way, attackers can take control of …

Experts have doubts in the effectiveness of the CVE database

Experts doubt the effectiveness of the CVE database and have advised researchers not to rely solely on this threat database when scanning for vulnerabilities in the system. As stated in the report of the company Risk Based Security, such a solution will make IT professionals miss almost a third of all vulnerabilities. “If your organization is currently relying on …

IS specialists published an exploit for the RCE problem in Apache Solr

In the summer of this year, an information security researcher known as jnyryan discovered a problem in Apache Solr. Now, security professionals have published an exploit for the RCE problem in Apache Solr. The vulnerability was hidden in the solr.in.sh configuration file, which by default is included in all versions of Solr. So, the default configuration comes with the option ENABLE_REMOTE_JMX_OPTS enabled, …

Qualcomm chip vulnerabilities endanger millions of Android devices

Check Point experts found that vulnerabilities in the Qualcomm Secure Execution Environment endanger millions of Android devices. Vulnerabilities allow attackers to steal critical data stored in protected parts of the device. Qualcomm Secure Execution Environment (QSEE) is an implementation of the Trusted Execution Environment (TEE) based on ARM TrustZone technology. In fact, it is a hardware-isolated area of the processor …

ZoneAlarm forums hacked due to vBulletin vulnerability

The forums at ZoneAlarm, which is owned by Check Point and whose products are used by over 100 million people, have been hacked because of a vulnerability in vBulletin. As a result, users’ data fell into the hands of attackers. Fortunately, despite the considerable user base of ZoneAlarm, the leak affected the forum hosted on forums.zonealarm.com (currently unavailable because the …

Vulnerability in Libarchive Threatens Many Linux Distributions

In the summer this year, Google experts, using the ClusterFuzz and OSS-Fuzz tools, discovered a dangerous bug in the Libarchive library. This vulnerability in Libarchive threatens many Linux distributions. The vulnerability impacts Libarchive, a library for reading and creating compressed files. It is a powerful all-in-one toolkit for working with archive files that also bundles other Linux/BSD utilities like tar, …

Previously unknown governmental group Avivore attacked Airbus

Researchers at Context Information Security have identified a new cybercriminal group Avivore, which has attacked Airbus several times over the past few months. Attackers carried out cyber attacks on Airbus through the networks of French consulting company Expleo, British engine manufacturer Rolls Royce, and two unnamed Airbus suppliers. Cybercriminals target large multinational and small engineering and consulting firms in supply …

Exim developers fixed a new critical vulnerability

The developers updated Exim to version 4.92.3, fixing a new critical DoS vulnerability, which theoretically allowed an attacker to execute malicious code on the target server. The problem affected all versions of the mail server from 4.92 up to the latest version 4.92.2. The vulnerability was assigned the identifier CVE-2019-16928 and was discovered by QAX-A-TEAM. The problem is with the heap …

GitHub can now assign CVE identifiers to vulnerabilities

This week, representatives of GitHub announced a number of innovations at once, including the fact that GitHub has completed certification as a CVE Numbering Authority, so the company can now independently assign CVE identifiers to vulnerabilities. First, Dependency Graph will add support for PHP projects on Composer. This means that users will be able to receive automatic security warnings for any vulnerabilities …

Vulnerabilities in some D-Link and Comba routers reveal credentials in format of plain text

Trustwave specialists discovered a number of vulnerabilities in D-Link and Comba Telecom routers. The bugs allow extracting Internet provider data and access passwords from devices without authentication. After examining the D-Link DSL-2875AL router, the researchers found that it is affected by the same problem that other devices of the manufacturer are vulnerable to: they give access to all router …

Researchers discover second critical vulnerability in Exim servers in two months

A second critical vulnerability has been discovered in the popular Exim mail server software that allows remote code execution and access to a system with superuser privileges. An open source contributor and security researcher with the online nickname Zerons discovered the vulnerability, which was later analyzed by cybersecurity experts at Qualys. A fix for the vulnerability, as well as a detailed …

Another 0-day vulnerability discovered in Android

Participants in the Google project Zero Day Initiative (ZDI) published details of a 0-day vulnerability that could allow local privilege escalation in Android. According to the description in the ZDI blog, a dangerous vulnerability is present in the v4l2 driver (Video4Linux 2), which provides audio and video capture for the Linux family of operating systems. As it turned …

Zerodium first rated exploits for Android more expensive than for iOS

The well-known vulnerability broker, Zerodium, has updated its price list, and now for the first time in history exploits for Android are more expensive than exploits for iOS. IS researchers have the opportunity to earn up to $2,500,000 on 0-day bugs for Android whose exploitation does not require user interaction. Similar exploits for iOS cost $2,000,000. Thus, Zerodium …

In free Bitdefender antivirus fixed vulnerability, which led to escalation of privileges

SafeBreach specialists discovered a vulnerability in the free antivirus Bitdefender Antivirus Free 2020 (up to version 1.0.15.138 that fixes the problem). The bug received the identifier CVE-2019-15295 and scored 5.9 points on the CVSS vulnerability rating scale. The vulnerability could be used by attackers to elevate privileges to the SYSTEM level. The problem is related to the lack of proper …

Vulnerability in Trend Micro Password Manager endangers Windows users

SafeBreach researchers found a vulnerability in the Trend Micro Password Manager. Using this security issue, an attacker can strengthen his presence in an attacked Windows system. The attack vector exists due to the fact that the Trend Micro Password Manager Central Control Service (PwmSvc.exe file) is launched with the rights of the most privileged Windows account – NT Authority\System. “This …

Researchers introduced a system for assessing the probability of exploiting vulnerabilities in real attacks

As you probably know, all systems are vulnerable. Annually, CVE identifiers are assigned to thousands of discovered vulnerabilities, and it’s almost impossible to monitor every new one. Exploit Prediction Scoring System may solve these problems. How to understand which companies correct immediately, and which ones can be put on hold, specialists tried to figure out at the Black Hat USA …

Researchers estimate that 1.2 billion of Apple’s devices are not protected from MitM attacks

Researchers at Darmstadt Technical University claim that the Apple Wireless Direct Link Protocol (AWDL) contains vulnerabilities that endanger more than 1.2 billion devices. Using these gaps, an attacker can track users, disable devices, or intercept files transferred between devices (man-in-the-middle, MitM). Experts from Darmstadt Technical University began analyzing the Apple Wireless Direct Link protocol last year. Though Apple launched AWDL …

Vulnerability in ProFTPD allows copying files without permission and executing arbitrary code

German researcher Tobias Mädel discovered that, under certain conditions, ProFTPD servers are vulnerable to remote code execution and information disclosure attacks. The root of the problem lies in a bug in the mod_copy module, which allows arbitrary file copying. Most often, this module is enabled by default. “All versions of ProFTPd up to and including 1.3.6 (the problem extends to 1.3.6 only …

On GitHub published a detailed analysis of BlueKeep vulnerability that simplifies creation of exploits

As part of the May “Tuesday updates”, Microsoft fixed the critical vulnerability CVE-2019-0708 (also known as BlueKeep) related to the operation of Remote Desktop Services (RDS) and RDP. Although the technical details of the problem were not disclosed due to its high level of threat, it is known that with the help of this bug attackers can execute arbitrary code …

What to do if your Facebook account got hacked?

Millions of computer users in various countries today use Facebook, a truly innovative communication tool and a real masterpiece of Mark Zuckerberg. Sadly, cyber hackers these days invent various methods of hacking Facebook accounts. In many cases a Facebook account can be hacked when users click a link that leads to a fake Facebook signup page, or login page. It outwardly …