CVE-2020-8099

Bitdefender Antivirus Free contains a vulnerability due to improper handling of junctions that could let an unprivileged user substitute a quarantined file and then restore it to a privileged location. Affected versions are Bitdefender Antivirus Free prior to 1.0.17. The description in the connec...

CVE-2020-8099 Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387)

A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17...

Bitdefender High-Level Antimalware SDK Code Issue Vulnerability

Bitdefender High-Level Antimalware SDK is an anti-malware SDK Software Development Kit from Bitdefender Romania. A code issue vulnerability exists in versions of the Bitdefender High-Level Antimalware SDK prior to 3.0.1.204 for Windows-based platforms. The vulnerability stems from an improper...

Dark_Nexus Botnet Compromises Thousands of ASUS, D-Link Routers

A new botnet has compromised hundreds of ASUS, D-Link and Dasan Zhone routers over the past three months, as well as Internet of Things IoT devices like video recorders and thermal cameras. The botnet, called darknexus based on a string it prints in its banner, uses processes similar to previous...

Dark Nexus: A New Emerging IoT Botnet Malware Spotted in the Wild

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage 'distributed denial-of-service' attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. The botnet, named "darknexus" by Bitdefender...

CVE-2020-8096

Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204...

CVE-2020-8096

Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204...

Design/Logic Flaw

Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204...

CVE-2020-8096

CVE-2020-8096 affects the Bitdefender High-Level Antimalware SDK for Windows prior to version 3.0.1.204. The issue is an Untrusted Search Path vulnerability that allows loading third-party code from a DLL found along the search path, due to improper handling of library loading. The vulnerability ...

CVE-2020-8096 Untrusted Search Path Vulnerability in High-Level Antimalware SDK

Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204...

Hackers Hijack Routers to Spread Malware Via Coronavirus Apps

Cybercriminals are hijacking routers and changing Domain Name System DNS settings, in order to redirect victims to attacker controlled sites promoting fake coronavirus information apps. If victims download these apps, they are infected with information-stealing Oski malware. This latest attack...

TrickBot Trojan Adds RDP Brute-Forcing to Its Arsenal

The TrickBot malware has added a new feature: A module called rdpScanDll, built for brute-forcing remote desktop protocol RDP accounts. According to BitDefender, the module has been used in campaigns against telecom, education and financial services industry targets in the United States and Hong...

TrickBot Now Exploits Infected PCs to Launch RDP Brute Force Attacks

A new module for TrickBot banking Trojan has recently been discovered in the wild that lets attackers leverage compromised systems to launch brute-force attacks against selected Windows systems running a Remote Desktop Protocol RDP connection exposed to the Internet. The module, dubbed...

Bitdefender Endpoint Security Tool Code Issue Vulnerability

Bitdefender Endpoint Security Tool is an endpoint security management tool from the Romanian company Bitdefender. A code issue vulnerability exists in the EPSecurityService.exe file in versions prior to Bitdefender Endpoint Security Tools 6.6.11.163. The vulnerability stems from an improper desig...

Bitdefender Antivirus for Mac Permission License and Access Control Issues Vulnerability (CNVD-2020-52440)

SOFTWIN BitDefender Antivirus is a suite of antivirus programs from the Romanian company SOFTWIN. A vulnerability exists in BDLDaemon in versions prior to Bitdefender Antivirus for Mac 8.0.0 with privilege permission and access control issues. The vulnerability stems from a lack of effective...

Bitdefender Antivirus for Mac Permission License and Access Control Issues Vulnerability

SOFTWIN BitDefender Antivirus is a suite of antivirus programs from the Romanian company SOFTWIN. A privilege permission and access control issue vulnerability exists in the AntivirusforMac binary in Bitdefender Antivirus for Mac. An attacker can exploit the vulnerability to execute third-party...

Bitdefender BOX 2 Operating System Command Injection Vulnerability

Bitdefender BOX is a smart home security control device from the Romanian company Bitdefender. An operating system command injection vulnerability exists in Bitdefender BOX 2. The vulnerability arises from the failure of a network system or product to properly filter special characters, commands,...

The vulnerability of the Bitdefender BOX 2 device, related to errors in processing URL addresses via the API /api/download_image, allows a perpetrator to execute arbitrary commands on the target system.

The vulnerability of the Bitdefender BOX 2 device for protecting devices and gadgets is related to errors in processing URL addresses using the API /api/downloadimage. Exploiting this vulnerability allows a hacker to execute arbitrary commands on the target system by sending the malicious file...

Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of BitDefender Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

CVE-2020-8095

A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device...