BYOVD attack – Threat Note

From Dark Reading – Medusa Rides Momentum From Ransomware-as-a-Service Pivot

Shifting to a RaaS business model has accelerated the group's growth, and targeting critical industries like healthcare, legal, and manufacturing hasn't hurt either. Read More

shaikh Saqib April 4, 2025

News

From Security Week – Critical Vulnerability Found in Canon Printer Drivers

[[{"value":"Microsoft’s offensive security team warned Canon about a critical code execution vulnerability in printer drivers. The post Critical Vulnerability Found in Canon Printer Drivers appeared first on SecurityWeek."}]] Read More

shaikh Saqib April 1, 2025

News

From The Hacker News – ⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad

shaikh Saqib March 24, 2025

News

From The Hacker News – Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates

The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS

shaikh Saqib March 21, 2025

News

From The Hacker News – Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks

Threat actors have been exploiting a security vulnerability in Paragon Partition Manager's BioNTdrv.sys driver in ransomware attacks to escalate privileges and execute arbitrary code. The zero-day flaw (CVE-2025-0289) is part of a set of five vulnerabilities that was discovered by Microsoft, according to the CERT Coordination Center (CERT/CC). "These include arbitrary kernel memory mapping and

shaikh Saqib March 3, 2025

News

From The Hacker News – 2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To further evade detection, the attackers deliberately generated multiple variants (with different hashes) of the 2.0.2 driver by modifying specific PE parts while keeping the signature valid," Check Point

shaikh Saqib February 25, 2025