BYO-Bug Tactic Attacks Windows Kernel with Outdated Driver
maruf.swe:
The RobbinHood ransomware is using a deprecated Gigabyte driver as the tip of the spear for taking out antivirus products.
The operators behind the RobbinHood ransomware are using a vulnerable, legacy driver from Taiwan-based motherboard manufacturer Gigabyte in order to get around antivirus protections. The “bring-your-own-bug” tactic is likely to crop up in other attacks going forward, according to security analysts.
According to research from Sophos, the driver has a known vulnerability (CVE-2018-19320), and was discontinued in 2018 by the company. However, the Verisign certificate used to digitally sign the driver has not been revoked, so the signature remains valid.
For more details: https://threatpost.com/byo-bug-windows-kernel-outdated-driver/152762/