Source |
CSO |
Identifier |
8300311 |
Publication date |
2023-01-11 15:37:00 (viewed: 2023-01-12 00:05:39) |
Title |
Cybercriminals bypass Windows security with driver-vulnerability exploit |
Text |
The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) - a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike. In this latest BYOVD attack, which was observed and stopped by CrowdStrike's Falcon security system, Scattered Spider attempted to deploy a malicious kernel driver via a vulnerability - CVE-2015-2291 in MITRE's Common Vulnerabilities and Exposures program - in the Intel Ethernet diagnostics driver for Windows (iqvw64.sys). |
Sent |
Yes |
Digest |
2015 2291 according article attack attempted attempting been being bring byovd bypass called click common company crowdstrike cve cybercrime cybercriminals cybersecurity deficiencies deploy diagnostics driver employed ethernet exploit exploits exposures falcon full group has here intel iqvw64 kernel latest longstanding malicious mitre observed own please professionals program protections read recently scattered security spider stopped sys system tactic technique using vulnerability vulnerable warning which windows your |
Tags |
Vulnerability
|
Stories |
|
Notes |
★★
|
Move |
|