Author: Andrei Florescu

Andrei Florescu is Director of Product Management, Datacenter at Bitdefender. He guides enterprise-focused product management activity while maintaining involvement in large customer deployments and strategic alliances. Before moving into his current role, Andrei held a variety of customer-facing technology positions. He has numerous industry certifications focused on security, virtualization, and cloud, and is an Electronics Engineer, having earned his degree at University “Politehnica” of Bucharest. He is based in the Dallas/Fort Worth area.

All about Virtualization and Cloud Security | Recent Articles:

Hypervisor Introspection blocks EternalDarkness/SMBGhost Privilege Escalation Exploit (CVE-2020-0796)

Apr 02 by Andrei Florescu
  • EternalDarkness or SMBGhost is the latest vulnerability affecting the Microsoft SMB protocol; it was first reported in March 2020.
  • This is a high-severity threat because SMB vulnerabilities are very often quickly adopted by “wormified” malicious attacks. As of publishing this post, PoCs exist for DoS and local privilege escalation.
  • Bitdefender Hypervisor Introspection stops the local privilege escalation 0-day attack without any additional configurations or updates. See the demo below.

BlueKeep Exploit Code Released, Blocked by Hypervisor Introspection

Sep 09 by Andrei Florescu
  • BlueKeep is a wormable security flaw in Microsoft Remote Desktop Services that allows attackers to take control remotely of vulnerable systems.
  • Metasploit developers released the first functional prototype of exploit code with payload execution capabilities.
  • Bitdefender tested the newly released exploit code and Hypervisor Introspection prevents this attack (demo included).

Last Friday, security researchers working on the Metasploit project released the first functional exploit code to successfully achieve code execution against systems vulnerable to BlueKeep. This high-impact vulnerability affecting Microsoft Remote Desktop Services was first reported as CVE-2019-0708 in May 2019. On May 14th, Microsoft started releasing patches for affected Windows OSes (including the end-of-life XP and 2003)


Protecting Against SWAPGS Attack with Bitdefender Hypervisor Introspection

Aug 06 by Andrei Florescu
  • Speculative execution-based attacks exploit CPU architecture flaws to allow attackers to leak sensitive information from privileged operating system kernel memory.
  • The SWAPGS Attack leverages a new speculative execution vulnerability discovered by Bitdefender security researchers.
  • The SWAPGS Attack circumvents all existing side-channel attack mitigations and allows attackers to gain unprivileged access to sensitive kernel data.
  • Bitdefender Hypervisor Introspection technology mitigates the SWAPGS Attack on unpatched Windows systems running on Citrix Hypervisor or KVM hypervisor.

Today, multiple industry software and hardware vendors have published security advisories for CVE-2019-1125 related to a newly discovered side-channel attack, dubbed SWAPGS Attack. The SWAPGS Attack was identified and reported by Bitdefender security researchers working on hypervisor introspection and anti-exploit technologies. This led to a coordinated disclosure process that has included several strategic industry partners.


Agentless Workload Security with GravityZone and NSX-T 2.4 Data Center

Apr 09 by Andrei Florescu
  • The VMware NSX-T Data Center 2.4 release now includes Guest Introspection services for agentless endpoint protection.
  • Bitdefender GravityZone Security for Virtualized Environments (SVE) is the first, and currently the only, security vendor solution that integrates with NSX-T Guest Introspection.
  • If you are upgrading to NSX-T, Bitdefender solves real operational challenges for highly dense, large-scale datacenter deployments.

Hypervisor Introspection defeated Eternalblue a priori

Apr 20 by Andrei Florescu

Last Friday (April 14, 2017), just before Easter, an egg was laid by The Shadow Brokers, a group that hopped into the spotlight in mid-2016. This time, the group dropped an especially colorful release, in the form of Eternalblue.

