Welcome to the Process-info.org library

Process-info.org is an online library of computer operating system processes. It helps you identify processes running in the background of your operating system or on remote computers on your network.

Process-info.org contains a growing database of executable processes (mostly with the .EXE extension) and DLL libraries. You can search for processes through the search box or navigate alphabetically by the first letter of the process name.

It is assumed that users are familiar with the operating system they are using and agree with the suggested changes. Process-info.org will not be held responsible if changes you make cause a system failure.

The Latest News

The 15 latest global news items related to computer security

April 19, 2014 3:08:31 AM CEST

Rootkit:W32/ZAccess – Rootkit:W32/ZAccess constantly displays advertisements on the infected machine and may silently contact remote servers to retrieve additional advertising information.

 

April 17, 2014 11:06:53 PM CEST

VU#251628: Amtelco miSecureMessages app lacks authentication – AMTELCO miSecureMessages performs weak authentication for access to user messages (CWE-287).

 

April 17, 2014 10:34:53 PM CEST

VU#720951: OpenSSL heartbeat information disclosure – OpenSSL 1.0.1 and 1.0.2 beta contain a vulnerability that could disclose sensitive private information to an attacker. This vulnerability is commonly referred to as "heartbleed."

 

April 17, 2014 6:16:00 PM CEST

Tor anonymity network to shrink as a result of Heartbleed flaw – The Tor Project has flagged 380 Tor relays vulnerable to the critical Heartbleed flaw to be rejected from the Tor anonymity network, reducing the network's entry and exit capacity.

The decision has already been implemented on a Tor directory authority -- a server that maintains a list of Tor relays -- controlled by Roger Dingledine, the Tor Project leader, and is likely to be followed by other directory authority operators.

The 380 relays flagged for rejection are trusted entry relays, also known as guards, and exit relays. As a result, the immediate impact of this decision would be a 12 percent reduction in the network's guard and exit capacity, Dingledine said Wednesday in an email sent to the tor-relays mailing list.

Traffic from clients typically flows through the Tor network in three hops. The first hop is through a guard relay and the final hop, before the traffic is returned on the Internet to reach its intended destination, is through an exit relay.

Twelve percent might not sound like much, but guard and exit relays play an important role on the network and are not easy to replace. Many relays are run by volunteers, but they need to be trusted and need to have enough bandwidth at their disposal to handle traffic from multiple clients.

"I thought for a while about taking away their Valid flag rather than rejecting them outright, but this way they'll get notices in their logs," Dingledine said.

It seems that the ban might be permanent. Dingledine said that he wouldn't want those relays back on the Tor network even if they upgraded their versions of OpenSSL because their operators didn't patch the flaw in a timely manner.

The Heartbleed vulnerability was announced on Apr. 7 and affects versions 1.0.1 through 1.0.1f of OpenSSL, a library that implements the TLS (Transport Layer Security) encrypted communication protocol and which is used by many operating systems, web servers, browsers and other desktop and mobile applications.

The flaw allows attackers to extract information from the memory of an application that relies on OpenSSL for TLS communications, whether that application acts as a client or a server.

Both the Tor client and relay software are potentially vulnerable if the OpenSSL library is not updated on the underlying OS.

"Tor relays and bridges could maybe be made to leak their medium-term onion keys (rotated once a week), or their long-term relay identity keys," Dingledine wrote in a blog post last week after the Heartbleed flaw was announced.

"An attacker who has your relay identity key, has your onion key, and can intercept traffic flows to your IP address can impersonate your relay (but remember that Tor's multi-hop design means that attacking just one relay in the client's path is not very useful). In any case, best practice would be to update your OpenSSL package, discard all the files in keys/ in your DataDirectory, and restart your Tor to generate new keys."

In addition to the 380 guard and exit relays that have been banned already there are over 1,000 other relays that are also vulnerable and should be added to the rejection list at some point soon, Dingledine said.

 

April 17, 2014 4:43:00 PM CEST

VPN provider proves OpenVPN private keys at risk from Heartbleed bug – The fallout from the OpenSSL Heartbleed bug continues. Recently, personal virtual private network provider Mullvad said it was able to extract private encryption keys for OpenVPN from a test server.

The group behind OpenVPN had previously warned that OpenVPN could be vulnerable to attack since the open source VPN software uses OpenSSL by default. But Sweden-based Mullvad's tests appear to be the first proof-of-concept proving that extracting private keys is actually possible.

"We have successfully extracted private key material multiple times from an OpenVPN server by exploiting the Heartbleed Bug," Mullvad co-founder Fredrik Strömberg wrote on Hacker News. "The material we found was sufficient for us to recreate the private key and impersonate the server."

Vulnerability to Heartbleed is particularly damaging for users since VPNs are meant as an extra step to make sure your online communications are kept private. If attackers are able to extract the private keys and then impersonate the VPN server, it puts users' encrypted communications at risk.

As with all Heartbleed vulnerabilities, however, extracting information from a VPN server would take time and effort. Mullvad wouldn't say exactly how much data it had to gather to recreate the private keys in its tests. But the company did tell Ars Technica, which first reported on this story, that the exploit required more than 1 gigabyte of data but less than 10GB before it obtained the keys in full.

With Heartbleed leaking random data 64KB at a time, that means in Mullvad's case gathering the private keys required, at a minimum, more than 16,000 hits to the server. A number that should set off alarm bells for most IT admins.

Nevertheless, Mullvad's tests show the threat to providers using OpenVPN is real.

"Our exploit is decently weaponized...we believe it may severely impact those who have not already upgraded," Strömberg said in his Hacker News post. "You should assume that other teams with more nefarious purposes have already created weaponized exploits for OpenVPN."

Anyone who relies on a personal VPN service using OpenVPN should check with their provider to see if they're affected.

 

April 17, 2014 3:37:56 PM CEST

WordPress vulnerability puts mobile visitors at risk – Today one of our colleagues came into our office and said, “Hey guys, I’ve been infected.” I thought to myself, yeah, how bad can this be? After a bit of digging we found the results were worth it; it turned out to be a really “interesting” case of mobile redirected threats localized for each […]

 

April 17, 2014 2:59:14 PM CEST

Trend Micro Heartbleed Detector Now Available – In previous blog entries, we’ve discussed various aspects of the Heartbleed vulnerability in OpenSSL. Last Tuesday, our first blog post covered an analysis of the vulnerability itself, as well as some steps that IT administrators of affected systems could do in order to protect themselves. Later entries looked at how popular websites and mobile apps were, […]

Post from: Trendlabs Security Intelligence Blog - by Trend Micro

 

April 17, 2014 2:39:00 PM CEST

Heartbleed: Security experts reality-check the 3 most hysterical fears – Heartbleed has dominated tech headlines for a week now. News outlets, citizen bloggers, and even late-night TV hosts have jumped on the story, each amping up the alarm a little more than the last one. But while it's true Heartbleed is a critical flaw with widespread implications, several security experts we've spoken with believe the sky-is-falling tone of the reporting is a bit melodramatic.

"While this is technically a big deal, the exposure that this has received by the media is overblown," says Greg Foss, senior security research engineer for LogRhythm, "especially when compared to other serious vulnerabilities that are responsibly disclosed every day, which few outside of the security community ever hear about."

So what do you need to worry about? Read on for the hype and the reality behind three of the most common claims to come out of the heartbleed hysteria.

The hype: The entire Internet has been compromised and it's open season for hackers.

The reality: You're probably not a target.

The Heartbleed vulnerability exists in OpenSSL, a common implementation of the SSL protocol used to secure communications on the Internet. It doesn't matter which browser or device you're using--if you are connecting to, or interacting with, sites and services that are using a vulnerable version of OpenSSL, any data you transmit is at risk of compromise.

That's certainly serious, but the patch for Heartbleed has been available since the vulnerability was publicly disclosed, and most affected sites and applications have already taken corrective action. The remaining sites and consumer-oriented Internet-of-things devices that rely on OpenSSL are at greater risk now that the flaw is public, but attackers generally focus on easy targets with high value. Your home router is most likely not worth the time and effort.

The hype: You're at great risk of being hacked.

The reality: Your risk is minimal if you're taking basic security measures.

CloudFlare tests confirmed it's possible to use the Heartbleed vulnerability to capture a server's private encryption key. Because this could enable an attacker to spoof a connection, create a malicious site that appears legitimate, or decrypt communications they've collected, sites and services need to be aware of it.

But there are two important caveats to consider. First, obtaining the private key requires a number of requests that any IDS/IPS (intrusion detection system / intrusion prevention system) should detect. In theory, an attacker shouldn't be able to steal the private keys, because alarm bells would go off and the IT admin would take steps to block those attempts.

Second, the leakage of a private key doesn't necessarily increase risks to the average consumer. "If you're a regular user of public Wi-Fi, then the risk is greatly increased," says Tyler Reguly, security research manager for Tripwire. "[But] if you're using your home computer on your own connection or your phone's data plan, the risk is minimized quite a bit. The odds that attackers have stored packet captures of your interactions that they can go back and decrypt is incredibly unlikely."

The hype: You must change all of your passwords

The reality: You should, but not yet

It's true that the Heartbleed vulnerability has existed for a couple years, and there's a fair chance that your passwords have been exposed or compromised. However, it's pointless to change your password on a vulnerable site before it has confirmed that the service is patched.

Tom Cross, director of security research at Lancope, says passwords were likely only exposed if users logged in to a vulnerable site after the vulnerability was made public. The odds of that are lower than the alarm around Heartbleed might suggest, because only 11 to 17 percent of websites are estimated to have been vulnerable, and most of them rapidly deployed the necessary patch.

The problem here is knowing when a vulnerable site has been fixed. Not all companies are being forthright about remediating the bug.

"Unless your vendors have specifically announced they have patched and reset their certificates, it wouldn't be a bad idea to change your password now and then again in a month," says Andrew Storms, director of DevOps for CloudPassage. "Everyone should remember two important best practices: use unique passwords on each site and change your password on a regular basis."

The real risk is crying wolf

As far as these experts are concerned, more dangerous than the Heartbleed vulnerability itself is the distorted expectations the media has created in its wake.

"Everyone talks about educating users, but this assumption puts the onus on the security industry," says Reguly. "If we cry wolf with every vulnerability, we're doing end users a disservice." Other security issues deserve as much or more concern, Reguly adds. "This is a critical issue that must be fixed, but for the average consumer the latest Flash and IE zero-days still pose a greater risk than Heartbleed."

 

April 17, 2014 1:40:00 PM CEST

Acer turns a corner with another big contract win in 2014 – Acer has picked up a key contract win, Victoria Police, joining its other big 2014 hauls: the Electoral Commission and Woolworths.

After a couple of years where the company kept quiet and saw its revenues and profits collapse, new managing director Darren Simmons says the struggling PC maker has turned a corner in Australia. Former MD Charles Chung resigned on February 7 following health issues. Chung had been with the company since 1988, with Simmons as his Sales Director for 13 years.

Since Simmons' ascension, his replacement as sales director for Oceania, Rod Bassi, said the key has been the company's renewed focus on the Australian channel, and it has already pulled in some big wins.

Acer also revealed to ARN that it has also just picked up the contract for Victoria's police force, providing 12,500 devices, including 1000 laptops. It already provides hardware and support to the South Australian and Tasmanian police forces. Further details will be made available shortly.

Already in 2014 it has won a major joint-tender contract from a consortium of Victoria, Queensland and New South Wales' Electoral Commissions, that will see the company provide 5100 tablets for vote counting purposes at each state's forthcoming elections. All of these Acer branded devices will run Android, and deployment begins shortly.

"Traditionally if you look at those spaces they use enterprise software, such as Windows 8, so using Android is quite unusual," Simmons said.

"Asides from being a very good win for Acer, it's also a very good win for Google Enterprise."

As part of Woolworth's new move to the Cloud, Acer also won the contract to provide the supermarket giant with 5000 of its Chromebooks.

"The year is so young, and already we have these two sizable wins for Acer, and with a non-traditional OS. It's a sign of how the market is changing," said Bassi.

Simmons told ARN that part of the company's key value add offering has been its local assembly workforce base. While almost every device manufacturer has deserted Australian shores, Acer still assembles computers in Australia -- which he believes gives the company a key supply chain advantage, not just in terms of speed of delivery, but in terms of maintenance and customisation - and security.

It means that each laptop can be assembled, certified, individualised and licensed in Australia, not only providing jobs but catering to the local educational sector's needs. It helped the company pull in a recent contract with AB Paterson College in Queensland for 1100 Windows 8 devices. With short turnarounds, such as school holiday requirements, Acer's quick delivery time was a factor.

The onshore advantage has helped the company pull in several key government contracts, especially in Canberra. When dealing with police forces and government departments, Simmons said that its onshore presence has rapidly become a key advantage for the company - especially in the wake of the NSA and other governments' spying - which has seen a fear of sensitive data heading offshore.

All in all, Simmons estimates that 40 per cent of the Acer business going forward will be channel focused, compared to 25 per cent for its rivals. He said this renewed focus will see further big wins (including one the company was not ready to discuss with ARN yet), not just for itself, but for key channel partners Bluepoint, Synnex and Ingram Micro.

He told ARN the disties were happy with the company's refined direction, and he is looking to work with resellers to push the company in a more managed services direction, eventually, which means even tighter relationships with its partners, trying to provide horizontal and vertical solutions integration.

"We are keen to engage the channel, and we are renewing our focus on SMBs, SMEs, education, retail and corporate clients. We are a channel first organisation, because that's the way we've always been, even if we have been a bit quiet over the last 12 months," said Simmons.

Simmons also said the company's restructuring, which also bogged the company down over the last nine months is over -- and there would be no further staff cuts of any kind.

It has already renewed a lapsed agreement with Harvey Norman to sell its devices at retail (Acer hasn't appeared on its shelves for 18 months), and Simmons wants to see the company reclaim its top three spot as a PC vendor in Australia.

 

April 17, 2014 1:00:00 PM CEST

IT threat evolution Q1 2014 – According to KSN data, Kaspersky Lab products blocked a total of 1131000866 malicious attacks on computers and mobile devices in the first quarter of 2014.

 

April 17, 2014 12:59:00 PM CEST

Facebook users targeted by iBanking Android trojan app – Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

Security researchers from antivirus vendor ESET have identified a new variant of a computer banking Trojan called Qadars that injects rogue JavaScript code into Facebook pages when opened in a browser from an infected system. The injected code generates a message instructing users to download and install Android malware that can steal authentication codes sent to their phones via SMS.

These man-in-the-browser attacks are known as webinjects and have long been used by computer Trojans to display rogue Web forms on online banking websites with the goal of collecting log-in credentials and other sensitive financial information from users.

Webinjects are also commonly used to display messages that instruct users to download and install malicious applications on their mobile phones by presenting them as security apps required by financial institutions. In reality those rogue mobile apps are designed to steal mobile transaction authorization numbers (mTANs) and other one-time passwords sent by banks via SMS.

In February security researchers from RSA, the security division of EMC, reported that the source code for an advanced Android Trojan called iBanking was released on an underground forum and warned that this development will allow more cybercriminals to incorporate this mobile threat in their future operations.

Once installed on an Android phone, iBanking can capture incoming and outgoing text messages; can redirect calls to a pre-defined phone number; can capture audio from the surrounding environment using the device's microphone and can steal the call history log and the phone book.

The authors of the Qadars computer Trojan were quick to adopt iBanking, according to a new report by researchers from ESET, but instead of using it against online banking users they appear to be targeting accounts on Facebook.

"Through our monitoring of the banking Trojan Win32/Qadars [...] we have witnessed a type of webinject that was totally new for us: it uses JavaScript, meant to be injected into Facebook web pages, which tries to lure the user into installing an Android application," ESET malware researcher Jean-Ian Boutin said Wednesday in a blog post.

When users log into Facebook from a computer infected with Qadars they will see a rogue message informing them that "due to a rising number of attempts in order to gain unlawful access to the personal information of our users and to prevent corrupted page data to spread Facebook administration introduces new extra safety protection system."

This alleged protection system is presented as a mobile application that generates unique authentication codes that can be used instead of regular passwords. In order to obtain the application, users are asked to specify the OS of their mobile phone and their phone number. They are then directed to a page with a download link and a corresponding QR code.

The application being offered to Android device owners is a version of the iBanking Trojan app that has been modified to look as a Facebook application for generating one-time passwords. During installation, users are instructed to enable the Android setting allowing the installation of apps obtained from unknown sources and are asked to give the app device administrator permissions.

"The way iBanking is installed on the user's mobile is quite common, but it is the first time we have seen such a mobile application targeting Facebook users for account fraud," Boutin said.

It's possible that the attackers are using iBanking to steal security codes sent via SMS by Facebook's legitimate two-factor authentication system. It may be that there's a growing number of people using this protection feature on Facebook, making accounts harder to compromise through traditional credential theft attacks, Boutin said.

However, it's also possible that attackers have chosen to use webinjects on Facebook because it's an efficient way to distribute the malware to a lot of users without worrying which particular banking sites they regularly interact with.

"Now that mainstream web services such as Facebook are also targeted by mobile malware, it will be interesting to see whether other types of malware will start using webinjects," Boutin said. "Time will tell, but because of the commoditization of mobile malware and the associated code source leaks, this is a distinct possibility."

 

April 17, 2014 11:49:00 AM CEST

Microsoft extends Windows 8.1 Update migration deadline for business – Microsoft on Wednesday extended the Windows 8.1 Update migration deadline for businesses by three months, but again told consumers they had less than four weeks to make the move before the company shuts off their patch faucet.

The aggressive schedule was criticized by enterprise IT personnel who saw it as a repudiation of Microsoft's long-standing policy of giving customers 24 months to upgrade to a service pack. Although Windows 8.1 Update (Win8.1U) was not labeled as such, many saw similarities to Microsoft's service packs and believed Win8.1U should hew to that policy as a wannabe for Windows 8.1.

Microsoft didn't see it that way. In an email reply to questions from Computerworld last week, a company spokeswoman said, "Customer support in Windows 8.1 Update is no different than other versions of Windows and Microsoft products" when asked to explain the five-week deadline for installing Win8.1U. "Windows 8.1 Update is a cumulative update for Windows 8.1, and it does not reset the lifecycle support policy for Windows 8," she added.

True: Customers who have not yet upgraded from Windows 8 to Windows 8.1 have until January 12, 2016 -- 24-plus months from the former's 2012 release -- to finish their migration before Microsoft will refuse to serve them new patches.

But Microsoft's contention that Win8.1U was no different than any other update, and so was not straying from past practice, was at best disingenuous: The time given for its migration was much shorter, and unlike most other deadlines the Redmond, Wash. developer issues, was sprung on users without advance notice.

If users of Windows 8.1 do not upgrade to Win8.1U within the limited time frame, they will not receive further security fixes, which is the same result as if they had not complied with the 24-month rule after a service pack's release, or, for that matter, if they do not replace Windows 8 with Windows 8.1 within the next 21 months.

Microsoft's best explanation for Win8.1U's required deployment came from another company spokesman, Brandon LeBlanc, who announced the extension for businesses. "Windows 8.1 Update ... reflects Microsoft's commitment to providing a more rapid cadence of feature improvements for our customers," LeBlanc wrote Wednesday.

Analysts articulated Microsoft's rationale in much the same way, although in more colorful language. "Microsoft is going to drag organizations and users into this new world of faster updates kicking and screaming," said Michael Silver of Gartner a week ago.

Customers now running Windows 8.1 and who use Windows Update to retrieve and install patches and other bug fixes must be on Win8.1U by May 13, the next regularly-scheduled Patch Tuesday, to receive security updates without interruption. That was left unchanged by Microsoft on Wednesday.

However, enterprises and other organizations that rely on WSUS (Windows Server Update Services), Windows Intune or System Center Configuration Manager to obtain and deploy patches now will have until August 12 to migrate from Windows 8.1 to Win8.1U.

LeBlanc alluded to customer complaints when he described the new deadline. "We've been actively discussing this new approach to servicing with enterprise customers and listening to their feedback regarding managing the deployment timeline," he wrote. "As a result, we've decided to extend the timeframe for enterprise customers to deploy these new product updates from 30 to 120 days."

While the additional three months will likely be welcome news to firms managing Windows 8.1-powered devices, the 120 days will still be just one-sixth the usual grace period given when Microsoft ships a service pack, or what was given Windows 8, which followed the service pack required migration timetable.

Also on Wednesday, Microsoft said it had fixed a bug that had prompted it to suspend delivery of Win8.1U to organizations running WSUS, and was again pushing Win8.1U through that channel. The seven-day stoppage of Win8.1U had reduced businesses' initial five-week window to four, and perhaps contributed to Microsoft's decision to extend the deadline into August.

Others, however, remain plagued by a variety of error messages that have popped up when they tried -- unsuccessfully -- to update Windows 8.1 to Win8.1U. A series of threads on Microsoft's support forum, including one that has been viewed over 18,000 times and contained more than 400 separate entries, both large numbers by Microsoft standards, were still active Wednesday.

The same deadline of August 12 also applies to Windows Server 2012 R2 Update, which like Win8.1U was released last week, Microsoft said in a separate post on its Windows Server blog.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.

 

April 17, 2014 11:00:00 AM CEST

New threat: Trojan-SMS.AndroidOS.Stealer.a – The situation surrounding attempted mobile malware infections is constantly changing, and I’d like to write about one recent trend. Over the last year, Trojan-SMS.AndroidOS.Stealer.a, a mobile Trojan, has become a leader in terms of the number of attempted infections on KL user devices, and now continually occupies the leading positions among active threats. For example, in Q1 2014 it accounted for almost a quarter of all detected attacks.

Geographic distribution

This SMS Trojan has actively been pushed by cybercriminals in Russia, and there have also been continual attempts to attack users in Europe and Asia. Infections with this Trojan have occurred virtually everywhere across the globe:

 

April 17, 2014 7:00:00 AM CEST

Smartphones Send Secret Premium SMS Texts – Five ways to protect yourself from premium SMS scams and other mobile malware.

 
 
 
