BLUE

Iinfosec.skyfleet.blueAug 16, 2024 5:27pm

RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary

After loading a vulnerable driver, the utility uses a public exploit to gain privilege escalation and the ability to disable endpoint protection software.

Yyouranonriots.bsky.socialAug 16, 2024 2:40am

RansomHub ransomware operators have been spotted deploying new #EDRKillShifter #ransomeware #cyberattacks www.bleepingcomputer.com/news/securit...

Ransomware gang deploys new malware to kill security software

RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks

PFopfuchs.gayAug 16, 2024 1:00am

Ransomware gangs using BYOVD attacks to kill EDR in the wild: www.bleepingcomputer.com/news/securit...

Ransomware gang deploys new malware to kill security software

RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks

Iinfosec.skyfleet.blueJun 5, 2024 9:24am

BYOVD Attacks: The Hidden Threats of Vulnerable Drivers

Discover the insidious world of BYOVD (Bring Your Own Vulnerable Driver) attacks, where cybercriminals exploit legitimate drivers to…

Yyouranonriots.bsky.socialMay 22, 2024 9:23pm

🚨 New cryptojacking #malware thehackernews.com/2024/05/ghos...#cryptocurrency #hacking #cybersecurity

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

New cryptojacking campaign REF4578 discovered. Hackers use vulnerable drivers to disable security solutions and install XMRig miner.

Imajisemi.bsky.socialApr 25, 2024 12:44am

【気になったニュース】📰 🔵Windowsカーネルドライバに「重大な脆弱性」🔵 ・「アクセス制御不備」の脆弱性🔓 ・「BYOVD」(Bring Your Own Vulnerable Driver)攻撃🏴 ・ベンダーリリースのドライバアップデートを忘れずに適用すること⬆️ Windows民は、気をつけてください👍 forest.watch.impress.co.jp/docs/news/15...

Windowsカーネルドライバーの重大な脆弱性に警戒を～JVNが注意喚起／複数のWDF/WDMドライバーで発見、ベンダーの修正版はかならず適用するように

脆弱性ポータルサイト「JVN」は4月23日、脆弱性レポート「JVNTA#90371415」を公開した。IOCTLインタフェースを実装したWindowsカーネルドライバーで、アクセス制御不備の脆弱性が報告されているという。

PGjbhall56.bsky.socialMar 27, 2024 12:17pm

A new, improved variant on the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments. www.darkreading.com/cloud-securi...

Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers

A new and improved variant of the group's malware combines fileless infection, BYOVD, and more to cause havoc in virtual environments.

EEeyalestrin.bsky.socialMar 6, 2024 10:37am

Kasseika Ransomware Deploys BYOVD Attacks, Abuses PsExec and Exploits Martini Driver #Malware

EEeyalestrin.bsky.socialMar 5, 2024 7:03am

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day #Malware

GDghostdansing.bsky.socialMar 3, 2024 6:30pm

Hackers exploited Windows zero-day to gain Kernel privileges. North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver @ooda @bobgourley.bsky.social therecord.media/north-korean...#windows #byovd #security #news #zeroday

North Korean hackers exploit Windows zero-day flaw

North Korean hackers exploited a previously unknown vulnerability in a Windows security feature, allowing them to gain the highest level of access to targeted systems.