News, Tips, Security Lab
Virus and Threat Protection Page Not Available
Windows 10 and 11 users may sometimes encounter a “Virus and threat protection page not available” message. Although this message…
PUADlmanager Win32/InstallCore
PUADlmanager Win32/InstallCore is a detection that Microsoft Defender antivirus uses to detect potentially unwanted programs (PUА). It is a malware…
XZ Utils Backdoor Discovered, Threating Linux Servers
A backdoor in liblzma library, a part of XZ data compression tool was discovered by Andres Freund. The maintainer of…
UnitedHealth Hack Leaks 6 TB of User Data
UnitedHealth Group, one of the largest providers of health insurance and health care services in the United States, suffered a…
Microsoft SharePoint Vulnerability Exploited, Update Now
In late March 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued the alert regarding the exploitation of a…
HackTool:Win32/Crack
HackTool:Win32/Crack is related to hacking tools for bypassing license verification. These are often activators of Windows, MS Office, and other proprietary software. Contrary to the widespread belief that such tools…
PyPI Malware Spreading Outbreak Exploits Typosquatting
PyPI, an index of Python packages, once again became a place for malware spreading. Threat actors registered hundreds of profiles to deploy packages, with the name set as typosquatting to…
ShadowRay Vulnerability Threatens AI Workloads, No Patch Available
Recent review of vulnerabilities in the Ray framework uncovered the unpatched flaw, dubbed ShadowRay. It appears that hundreds of machine learning clusters were already compromised, leading to the leak of…
PUA:Win32/Packunwan
PUA:Win32/Packunwan is a generic detection of potentially unwanted program that uses software packing. It can range from being just annoying to creating a severe threat to the system safety. Depending…
PUABundler:Win32/Rostpay
PUABundler:Win32/Rostpay is an antivirus detection related to the software released by Rostpay LLC. Antivirus programs detect it because it contains a lot of additional unwanted programs (PUA). Although their applications…
GoFetch Vulnerability in Apple Silicon Uncovered
Researchers uncovered a vulnerability in Apple Silicon processors, dubbed GoFetch. It allows attackers to extract secret keys from Mac computers while performing widespread cryptographic operations. Notably, it is practically impossible…
VirTool:Win32/DefenderTamperingRestore
VirTool:Win32/DefenderTamperingRestore is the name of the Microsoft Defender detection of a malicious element present in the system. Usually, it marks a thing that can weaken the system security and make…
Hellminer.exe Coin Miner
Hellminer.exe is a process you can see in the Task Manager that indicates a malicious software activity. It stands out by the high CPU load it creates, making the system…
STRRAT and Vcurms Malware Abuse GitHub for Spreading
A new phishing campaign has recently been discovered that uses GitHub to deliver Remote Access Trojans (RAT) STRRAT and Vcurms via a malicious Java downloader. ANY.RUN specialists have detected the…
Dragon Angel Malicious Browser Extension
Dragon Angel is a browser extension that functions as a hijacker malware. It redirects users to promoted search engines or websites. These redirects ruin the process of browsing and can…
Usermode Font Driver Host (fontdrvhost.exe)
The Usermode Font Driver Host process is an important part of the Windows operating system. It may raise questions among users due to its high consumption of resources such as…
PUA:Win32/Vigua.A
PUA:Win32/Vigua.A is a universal detection name used by Microsoft Defender to detect potentially unwanted applications (PUAs). This is often associated with various system optimizers that have hidden functionality in addition…