Hackers abuse Avast anti-rootkit driver to disable defenses

November 23, 2024 at 04:12PM A new malware campaign leverages an outdated Avast Anti-Rootkit driver to disable security components and evade detection. By targeting processes from various security vendors, the malware can operate undetected. Researchers recommend using signature-based rules and Microsoft’s vulnerable driver blocklist to mitigate such risks.

New SteelFox malware hijacks Windows PCs using vulnerable driver

November 6, 2024 at 01:00PM SteelFox is a newly discovered malware that mines cryptocurrency and steals credit card data by exploiting vulnerable drivers for SYSTEM privileges on Windows. Distributed as a crack tool via forums and torrents, it affects users of specific software like AutoCAD. Kaspersky reports significant detections, indicating its widespread impact since early …

Ransomware gang deploys new malware to kill security software

August 15, 2024 at 02:03PM RansomHub ransomware operators have deployed a new malware, EDRKillShifter, to disable EDR security software in BYOVD attacks. Discovered by Sophos researchers, the malware exploits vulnerable drivers to escalate privileges and disable security solutions. Sophos recommends enabling tamper protection and maintaining a separation between user and admin privileges to mitigate such …

Researchers Find 34 Windows Drivers Vulnerable to Full Device Takeover

November 2, 2023 at 05:30AM Researchers have discovered that up to 34 different Windows drivers could be exploited by threat actors without privileged access to gain control of devices and execute arbitrary code. Exploiting these drivers could allow attackers to erase or alter firmware and elevate privileges. The vulnerabilities have been identified in drivers including …