Tricked: Microsoft Defender runs malware
LockBit actors use Windows Defender command-line tool MpCmdRun.exe to infect PCs with Cobalt Strike Beacon. After that, the ransomware LockBit will be installed. Microsoft should be on high alert if they aren't already. Cybersecurity research company SentinelOne has released news: They have discovered that Microsoft's internal anti-malware solution is being abused to load Cobalt Strike Beacon onto victim PCs and servers. In this case, the attackers are operators of LockBit Ransomware as a Service (RaaS). As a starting point for the attack, the command-line tool in Defender called MpCmdRun.exe is abused to…