all InfoSec news
Warning for Certification Solution (VestCert) Vulnerability and Update Recommendation
Malware Analysis, News and Indicators - Latest topics malware.news
Vulnerable Software and Overview
VestCert is a certification program used while accessing websites, and is a non-ActiveX module developed by the Korean company, Yettiesoft. This program is registered as a Startup Program and will be relaunched by Yettiesoft’s service (Gozi) even if it is terminated. It remains constantly active as a process once it is installed, so it can be exposed to vulnerability attacks. Thus, it needs to be updated to the latest version.
Description of the Vulnerability
This vulnerability …
activex attacks certification exposed gozi malware analysis non process program service software solution startup update vestcert vulnerability vulnerable warning websites