GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese

Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files

Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. "Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors," HP Wolf Security researcher Patrick

Russia Hackers Using TinyTurla-NG to Breach European NGO's Systems

The Russia-linked threat actor known as Turla infected several systems belonging to an unnamed European non-governmental organization (NGO) in order to deploy a backdoor called TinyTurla-NG (TTNG). "The attackers compromised the first system, established persistence and added exclusions to antivirus products running on these endpoints as part of their preliminary post-compromise actions," Cisco