Cuba ransomware group used Microsoft developer accounts to sign malicious drivers - Cyber Security News

Read Time:32 Second

Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. The driver certificates have been revoked and the drivers will be added to a blocklist that Windows users can optionally deploy.

“In most ransomware incidents, attackers kill the target’s security software in an essential precursor step before deploying the ransomware itself,” researchers from security firm Sophos said in a new report about the incident. “In recent attacks, some threat actors have turned to the use of Windows drivers to disable security products.”

To read this article in full, please click here

More Stories

WK Kellogg Confirms Data Breach Tied to Cleo Software Exploit

WK Kellogg breach exposed employee data after attackers exploited flaws in Cleo software Read More

Precision-Validated Phishing Elevates Credential Theft Risks

New phishing method targets high-value accounts using real-time email validation Read More

Ransomware Attacks Hit All-Time High as Payoffs Dwindle

While ransomware attack claims are at an all-time high, financial losses from actual attacks may be reducing Read More

How to Leak to a Journalist

Neiman Lab has some good advice on how to leak a story to a journalist. Read More

Three-Quarters of IT Leaders Fear Nation-State AI Cyber Threats

73% of respondents in an Armis survey said they worried about nation-state actors using AI for cyber-attacks Read More

Microsoft Fixes Over 130 CVEs in April Patch Tuesday

Microsoft has issued security updates to fix 130+ vulnerabilities this month, including one zero-day Read More