GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

By: Newsroom — May 22^nd 2024 at 08:57

Cybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what's called a Bring Your Own Vulnerable Driver (BYOVD) attack. Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese

The Hacker News

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

By: Newsroom — April 24^th 2024 at 07:02

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks. Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed 

Naked Security

Beware bad passwords as attackers co-opt Linux servers into cybercrime

By: Paul Ducklin — June 21^st 2023 at 17:50

Did you prevent password-only logins on your SSH servers? On ALL of them? Are you sure about that?

FreshRSS

GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

Beware bad passwords as attackers co-opt Linux servers into cybercrime