News


100 malicious drivers signed by Microsoft detected

Sophos experts have discovered 100 malicious drivers signed by Microsoft Windows Hardware Compatibility Publisher (WHCP). Most are so-called "EDR killers" specifically designed to attack and terminate various EDR/AV software on victims' systems. Sophos X-Ops has detected 133 malicious drivers signed with legitimate digital certificates; 100 of them were signed by the Microsoft Windows Hardware Compatibility Publisher (WHCP). Drivers signed by WHCP are fundamentally trusted by every Windows system, allowing attackers to install them without raising an alarm and then carry out malicious activities virtually unhindered….


Ransomware attacks: malicious code with valid certificates

Sophos thwarts ransomware attacks that used a rare malicious driver signed with a valid Microsoft digital certificate. The driver targets Endpoint Detection and Response (EDR) processes. The attack is linked to the Cuba Ransomware Group. Sophos found malicious code in several drivers signed with legitimate digital certificates. The new report, "Signed Driver Malware Moves up the Software Trust Chain", details the investigation that began with an attempted ransomware attack. The attackers used a malicious driver that was bundled with a legitimate Microsoft Windows Hardware Compatibility Publisher digital certificate.


ESET analyzes APT attacks on Windows kernel

Unguarded control center: ESET analyzes attacks on the Windows kernel. The European IT security manufacturer publishes new research results on how APT (Advanced Persistent Threat) groups exploit the vulnerabilities for attacks. The ESET Research department has published the results of its vulnerability analysis of signed Windows kernel drivers. According to the security experts, these are increasingly being exploited by so-called APT groups for targeted attacks against companies. The detailed technical analyses and effective defense techniques are now available as a blog post on WeLiveSecurity.

Background on Windows kernel drivers: In Microsoft Windows operating systems there are different types of kernel drivers. While device drivers require a rigorous development process focused on...
