Andrei Florescu, Author at Security Boulevard

Hypervisor Introspection blocks EternalDarkness/SMBGhost Privilege Escalation Exploit (CVE-2020-0796)

EternalDarkness or SMBGhost is the latest vulnerability affecting the Microsoft SMB protocol which was first reported in March 2020 This is high-severity threat because SMB vulnerabilities very-often are quickly adopted by “wormified” malicious attacks. As-of publishing of this post, PoCs exist for DoS and local privilege escalation Bitdefender Hypervisor Introspection ... Read More
Preventing the BlueKeep Exploit (CVE-2019-0708) with Hypervisor Introspection

BlueKeep Exploit Code Released, Blocked by Hypervisor Introspection

BlueKeep is a wormable security flaw in Microsoft Remote Desktop Services that allows attackers to take control remotely of vulnerable systems. Metasploit developers released the first functional prototype of exploit code with payload execution capabilities. Bitdefender tested the newly released exploit code and Hypervisor Introspection prevents this attack (demo included) ... Read More

Protecting Against SWAPGS Attack with Bitdefender Hypervisor Introspection

Speculative execution-based attacks exploit CPU architecture flaws to allow attackers to leak sensitive information from privileged operating system kernel memory The SWAPGS Attack leverages a new speculative execution vulnerability discovered by Bitdefender security researchers The SWAGS Attack circumvents all existing side-channel attack mitigations and allows attackers to gain unprivileged access ... Read More

Agentless Workload Security with GravityZone and NSX-T 2.4 Data Center

VMware NSX-T Data Center 2.4 release now includes Guest Introspection services via agentless endpoint protection. Bitdefender GravityZone Security for Virtualized Environment (SVE) is the first, and currently the only, security vendor that integrates NSX-T Guest Introspection. If you are upgrading to NSX-T Bitdefender solves real operational challenges for highly-dense, large ... Read More