Security News > 2024 > May > GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
2024-05-22 08:57
Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese
News URL
https://thehackernews.com/2024/05/ghostengine-exploits-vulnerable-drivers.html
Related news
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- New DoubleClickjacking attack exploits double-clicks to hijack accounts (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- New Web3 attack exploits transaction simulations to steal crypto (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Clone2Leak attacks exploit Git flaws to steal credentials (source)
- What's Yours is Mine: Is Your Business Ready for Cryptojacking Attacks? (source)
- New SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution Exploits (source)
- New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks (source)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (source)