Cybercriminals bypass Windows security with driver-vulnerability exploit

Read Time:33 Second

The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike.

In this latest BYOVD attack, which was observed and stopped by CrowdStrike’s Falcon security system, Scattered Spider attempted to deploy a malicious kernel driver via a vulnerability — CVE-2015-2291 in MITRE’s Common Vulnerability and Exposures program — in the Intel Ethernet diagnostics driver for Windows (iqvw64.sys).

To read this article in full, please click here

Fake PoC Exploit Targets Security Researchers with Infostealer

Smashing Security podcast #399: Honey in hot water, and reset your devices

Space Bears ransomware: what you need to know

Zero-Day Vulnerability in Ivanti VPN

Fancy Product Designer Plugin Flaws Expose WordPress Sites

Japan Faces Prolonged Cyber-Attacks Linked to China’s MirrorFace

PowerSchool Reportedly Pays Ransom to Prevent Student Data Leak

EU Commission Liable for Breaching EU’s Own Data Protection Rules

United Nations aviation agency hacked, recruitment database plundered