cua cà mau cua tươi sống cua cà mau bao nhiêu 1kg giá cua hôm nay giá cua cà mau hôm nay cua thịt cà mau cua biển cua biển cà mau cách luộc cua cà mau cua gạch cua gạch cà mau vựa cua cà mau lẩu cua cà mau giá cua thịt cà mau hôm nay giá cua gạch cà mau giá cua gạch cách hấp cua cà mau cua cốm cà mau cua hấp mua cua cà mau cua ca mau ban cua ca mau cua cà mau giá rẻ cua biển tươi cuaganic cua cua thịt cà mau cua gạch cà mau cua cà mau gần đây hải sản cà mau cua gạch son cua đầy gạch giá rẻ các loại cua ở việt nam các loại cua biển ở việt nam cua ngon cua giá rẻ cua gia re crab farming crab farming cua cà mau cua cà mau cua tươi sống cua tươi sống cua cà mau bao nhiêu 1kg giá cua hôm nay giá cua cà mau hôm nay cua thịt cà mau cua biển cua biển cà mau cách luộc cua cà mau cua gạch cua gạch cà mau vựa cua cà mau lẩu cua cà mau giá cua thịt cà mau hôm nay giá cua gạch cà mau giá cua gạch cách hấp cua cà mau cua cốm cà mau cua hấp mua cua cà mau cua ca mau ban cua ca mau cua cà mau giá rẻ cua biển tươi cuaganic cua cua thịt cà mau cua gạch cà mau cua cà mau gần đây hải sản cà mau cua gạch son cua đầy gạch giá rẻ các loại cua ở việt nam các loại cua biển ở việt nam cua ngon cua giá rẻ cua gia re crab farming crab farming cua cà mau

Hackers have found a way to hack you that you’d never expect

By Zak Islam Published October 6, 2022

A security flaw has allowed a ransomware gang to effectively prevent antivirus programs from running properly on a system.

As reported by Bleeping Computer, the BlackByte ransomware group is utilizing a newly discovered method related to the RTCore64.sys driver to circumvent more than 1,000 legitimate drivers.

A depiction of a hacker breaking into a system via the use of code. — Getty Images

Security programs that rely on such drivers are therefore unable to detect a breach, with the technique itself being labeled as “Bring Your Own Driver” by researchers.

Recommended Videos

Once the drivers have been turned off by the hackers, they can operate under the radar due to the lack of multiple endpoint detection and response (EDR). The vulnerable drivers are able to pass an inspection via a valid certificate, and they also feature high privileges on the PC itself.

Researchers from cybersecurity company Sophos detail how the MSI graphics driver that is targeted by the ransomware gang offers I/O control codes that can be accessed through user-mode processes. However, this element breaches Microsoft’s security guidelines on kernel memory access.

Due to the exploit, threat actors can freely read, write, or execute code within a system’s kernel memory.

BlackByte is naturally keen to avoid being detected so as to not have its hacks analyzed by researchers, Sophos stated — the company pointed toward attackers looking for any debuggers running on the system and then quitting.

Furthermore, the group’s malware scans the system for any potential hooking DLLs connected to Avast, Sandboxie, Windows DbgHelp Library, and Comodo Internet Security. Should any be found by the search, BlackByte disables its ability to function.

Because of the sophisticated nature of the technique used by the threat actors, Sophos warned that they will continue to exploit legitimate drivers in order to bypass security products. Previously, the “Bring Your Own Driver” method was seen being used by the North Korean hacking group Lazarus, which involved a Dell hardware driver.

Bleeping Computer highlights how system administrators can protect their PCs by putting the MSI driver (RTCore64.sys) that is being targeted into an active blocklist.

BlackByte’s ransomware efforts first came to light in 2021, with the FBI stressing that the hacking group was behind certain cyberattacks on the government.

Topics

Former Digital Trends Contributor

Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…

Computing

Hackers have a new way of forcing ransomware payments

kaspersky releases tool to counteract cryptxxx ransomware

Bad actors are becoming craftier with their methods of ransomware attacks by targeting backup storage to force organizations to pay a ransom, according to the software company Veeam.

In the event of a ransomware attack, companies typically have two options: pay the ransom and hope that their data can be restored through a decryptor sent by the bad actors or ignore the ransom demands and restore their data via a backup option, TechRadar reports.

Computing

Hackers may have stolen the master key to another password manager

Open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Computing

Hackers are using a devious new trick to infect your devices

A person using a laptop with a set of code seen on the display.

Hackers have long used lookalike domain names to trick people into visiting malicious websites, but now the threat posed by this tactic could be about to ramp up significantly. That’s because two new domain name extensions have been approved which could lead to an epidemic of phishing attempts.

The two new top-level domains (TLDs) that are causing such consternation are the .zip and .mov extensions. They’ve just been introduced by Google alongside the .dad, .esq, .prof, .phd, .nexus, .foo names.