
What is Backdoor:Win32/Bladabindi!ml?

Backdoor:Win32/Bladabindi!ml Analysis & Removal Guide

Backdoor:Win32/Bladabindi!ml is a generic detection name used by Microsoft Defender. It specifically refers to a backdoor malware known as njRAT,…

PUA:Win32/PCMechanic – PC Mechanic Plus Removal Guide

PUA:Win32/PCMechanic is a detection associated with a potentially unwanted application. This pseudo system optimizer claims that the user’s system has…

Trojan:Script/Ulthar.A!ml

Trojan:Script/Ulthar.A!ml is a Windows Defender detection that identifies a trojan. It specifically refers to a script-based malicious program.…

rsEngineSvc.exe Process: Reason Core Security Engine Service

RsEngineSvc.exe is an executable file associated with RAV Antivirus, a program developed by ReasonLabs. While being less dangerous than malware,…

Bitfiat Process High CPU – Explained & Removal Guide

Bitfiat is a malicious coin miner that exploits your computer’s hardware to mine cryptocurrencies. Such malware takes as many resources…

Definition of Bootkit

What is a Bootkit? Explanation & Protection Guide

A bootkit is a rather unusual and rarely discussed, though widely used, kind of malware. These advanced malware types operate beneath the surface, embedding themselves in a computer’s boot sector, allowing them…

Kasseika Ransomware Uses BYOVD Tactics in Attacks

Kasseika Ransomware Exploits Vulnerable Antivirus Drivers

A new ransomware called “Kasseika” uses Bring Your Own Vulnerable Driver tactics to disable antivirus software before encrypting files. Kasseika was likely built by former members of the BlackMatter group…

Critical Auth Bypass Vulnerability in GoAnywhere MFT

GoAnywhere MFT Auth Bypass Vulnerability Discovered

The fest of vulnerabilities in enterprise software continues with an auth bypass flaw in Fortra’s GoAnywhere MFT. Rated at CVSS 9.8, this flaw allows an adversary to create an administrator…

RCE Vulnerability in Confluence Exploited in the Wild

Confluence RCE Vulnerability Under Massive Exploitation

Researchers are seeing attempts to exploit a critical vulnerability in outdated Atlassian Confluence servers. The flaw allows attackers to execute code remotely, with most attempts from Russian IP addresses. Typically…

TikTok Shopping Scams Gaining Momentum - How to Avoid?

TikTok Shopping Scams On The Rise: Tips to Avoid

As TikTok evolves into a digital marketplace, its shopping feature presents a new terrain ripe with opportunities. However, this shift includes certain risks, particularly for the youthful demographic, who are…

CISA Urges Patching Citrix RCE Vulnerability

2 Citrix RCEs Under Active Exploitation, CISA Notifies

CISA has given a timeframe of one to three weeks to fix three vulnerabilities related to Citrix NetScaler and Google Chrome. These zero-day vulnerabilities were actively used in cyber attacks.…

LockBit Ransomware Starts Using Word Files For Distribution, Again

LockBit Ransomware Uses Resume Word Files to Spread

A recent investigation by ASEC reveals the new tactics of the infamous LockBit ransomware. “Post-paid pentesters” started masquerading as innocuous résumés in Word documents. Ironically, this tactic is reminiscent…

SonicWall API vulnerability has left 178,000 firewalls vulnerable to attacks.

Over 178,000 SonicWall Firewalls are Vulnerable to DoS and RCE

Recent research uncovers that a significant portion of SonicWall firewall instances are susceptible to attacks. In particular, two vulnerabilities can be used for remote code execution (RCE) and denial-of-service (DoS) attacks. Unfortunately,…

Researchers Discover 9 Vulnerabilities in EDK II

9 PixieFail Vulnerabilities Discovered in TianoCore’s EDK II

A chain of 9 vulnerabilities in UEFI’s Preboot Execution Environment (PXE), dubbed PixieFail, was uncovered in recent research. As the network boot process is a rather novel attack vector,…

What is a Facebook Job Scam?

What are Facebook Job Scams and How to Avoid Them?

Facebook is probably the most widely used social media globally. Unfortunately, it has also become a hub for scammers to target unsuspecting users. Among them, fake job scams appear to…

New Chrome 0-day Vulnerability Exploited, Patch Available

New Google Chrome 0-day Vulnerability Exploited, Update Now

In the most recent release notes, Google reports a new 0-day vulnerability that is already being exploited in the wild. The update fixes the issue, but the very fact of…

FBot Malware Targets Cloud and Payment Services.

Novel FBot Stealer Targets Cloud Services

Researchers report a new malware strain dubbed FBot. This Python-based malicious program appears to be a unique tool in cybercriminals’ arsenal. Its uniqueness is due to its targeting of…