byovd – PossibleThreat Articles

Ransomware attackers introduce new EDR killer to their arsenal

August 14, 2024 0 Comments byovd, EDR, edr killer, featured, Ransomware, security news, threat research

Credit to Author: Andrew Brandt| Date: Wed, 14 Aug 2024 16:00:19 +0000

Sophos discovers the threat actors behind RansomHub ransomware using EDRKillShifter in attacks

It’ll be back: Attackers still abusing Terminator tool and variants

March 4, 2024 0 Comments aukill, blackbyte, byovd, drivers, featured, Ransomware, sophos x-ops, terminator, threat research, zam

Credit to Author: Matt Wixey| Date: Mon, 04 Mar 2024 11:00:08 +0000

First released in May 2023, an EDR killer – and the vulnerable Zemana drivers it leverages – are still of interest to threat actors, along with variants and ported versions

Security Sophos

Signed driver malware moves up the software trust chain

December 13, 2022 0 Comments 2022-12, adv220005, burntcigar, byovd, cuba ransomware, driver signature enforcement, drivers, featured, Patch Tuesday, sbom, security operations, signed drivers, sophos x-ops, supply chain compromise, threat research, whcp, whql, Windows, x-ops

Credit to Author: Andrew Brandt| Date: Tue, 13 Dec 2022 18:00:15 +0000

The criminals signed their AV-killer malware, closely related to one known as BURNTCIGAR, with a legitimate WHCP certificate

MalwareBytes Security

Microsoft fixes driver blocklist placing users at risk from BYOVD attacks

October 20, 2022 0 Comments blocklist, bring your own vulnerable driver, byovd, Microsoft, news, windows updates

Categories: News

Tags: BYOVD

Tags: bring your own vulnerable driver

Tags: blocklist

Tags: microsoft

Tags: windows updates

We take a look at reports that Microsoft’s driver blocklist hadn’t been updated for three years, leaving people at risk from BYOVD attacks.