#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

driver exploit | Breaking Cybersecurity News | The Hacker News

Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems

Ransomware Attackers Use Microsoft-Signed Drivers to Gain Access to Systems
Dec 14, 2022 Endpoint Security / Firmware Security
Microsoft on Tuesday disclosed it took steps to implement blocking protections and suspend accounts that were used to publish malicious drivers that were certified by its Windows Hardware Developer Program . The tech giant said its investigation revealed the activity was restricted to a number of developer program accounts and that no further compromise was detected. Cryptographically signing malware is concerning not least because it not only undermines a key security mechanism but also allows threat actors to subvert traditional detection methods and infiltrate target networks to perform highly privileged operations. The probe, Redmond stated, was initiated after it was notified of rogue drivers being used in post-exploitation efforts, including deploying ransomware, by cybersecurity firms Mandiant, SentinelOne, and Sophos on October 19, 2022. One notable aspect of these attacks was that the adversary had already obtained administrative privileges on compromised systems before

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs

Over 40 Drivers Could Let Hackers Install Persistent Backdoor On Windows PCs
Aug 11, 2019
If you own a device, or a hardware component, manufactured by ASUS, Toshiba, Intel, NVIDIA, Huawei, or other 15 other vendors listed below, you're probably screwed. A team of security researchers has discovered high-risk security vulnerabilities in more than 40 drivers from at least 20 different vendors that could allow attackers to gain most privileged permission on the system and hide malware in a way that remains undetected over time, sometimes for years. For sophisticated attackers, maintaining persistence after compromising a system is one of the most important tasks, and to achieve this, existing hardware vulnerabilities sometimes play an important role. One such component is a device driver, commonly known as a driver or hardware driver, a software program that controls a particular type of hardware device, helping it to communicate with the computer's operating system properly. Since device drivers sit between the hardware and the operating system itself and in

external linkEliminating SaaS Shadow IT is Now Available via a Free Self-Service Product

SaaS
websitewww.wing.securitySaaS Security / Shadow IT
This new product provides IT and Security visibility into the risky SaaS apps employees are using.
More Resources