Cuba ransomware group used Microsoft developer accounts to sign malicious drivers - Cyber Security News

Read Time:32 Second

Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. The driver certificates have been revoked and the drivers will be added to a blocklist that Windows users can optionally deploy.

“In most ransomware incidents, attackers kill the target’s security software in an essential precursor step before deploying the ransomware itself,” researchers from security firm Sophos said in a new report about the incident. “In recent attacks, some threat actors have turned to the use of Windows drivers to disable security products.”

To read this article in full, please click here

More Stories

Microsoft Reports 92% Adoption Rate for Phishing-Resistant MFA Among Corporate Users

The tech giant has released its second Secure Future Initiative (SFI) progress report, showcasing its ongoing efforts to improve cybersecurity...

Android Improves Its Security

Android phones will soon reboot themselves after sitting idle for three days. iPhones have had this feature for a while;...

SuperCard X Enables Contactless ATM Fraud in Real-Time

A new malware campaign utilizing NFC-relay techniques has been identified carrying out unauthorized transactions through POS systems and ATMs Read...

Billbug Espionage Group Deploys New Tools in Southeast Asia

Billbug, a China-linked espionage group, has been observed targeting critical sectors in Southeast Asia with new tools Read More

New Cryptojacking Malware Targets Docker with Novel Mining Technique

Darktrace and Cado said the new campaign highlights a shift towards alternative methods of mining cryptocurrencies Read More

The AI Fix #47: An AI is the best computer programmer in the world

In episode 47 of The AI Fix, o3 becomes the best competitive programmer in the world, hacked California crosswalks speak...