BYOVD | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver ( BYOVD ) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese cybersecurity firm Antiy Labs has codenamed the activity as HIDDEN SHOVEL. "GHOSTENGINE leverages vulnerable drivers to terminate and delete known EDR agents that would likely interfere with the deployed and well-known coin miner," Elastic researchers Salim Bitam, Samir Bousseaden, Terrance DeJesus, and Andrew Pease said . "This campaign involved an uncommon amount of complexity to ensure both the installation and persistence of the XMRig miner." It all starts with an executable file ("Tiworker.exe"), which is used to run a PowerShell script that retrieves an obfuscated Power

Multiple threat actors are exploiting the recently disclosed security flaws in JetBrains TeamCity software to deploy ransomware, cryptocurrency miners, Cobalt Strike beacons, and a Golang-based remote access trojan called Spark RAT. The attacks entail the exploitation of  CVE-2024-27198  (CVSS score: 9.8) that enables an adversary to bypass authentication measures and gain administrative control over affected servers. "The attackers are then able to install malware that can reach out to its command-and-control (C&C) server and perform additional commands such as deploying Cobalt Strike beacons and remote access trojans (RATs)," Trend Micro  said  in a new report. "Ransomware can then be installed as a final payload to encrypt files and demand ransom payments from victims." Following public disclosure of the flaw earlier this month, it has been weaponized by threat actors associated with  BianLian  and  Jasmin ransomware  families, as well as to drop the XMR

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.