Bleeping Computer

Microsoft-signed malicious Windows drivers used in ransomware attacks

Microsoft has revoked several Microsoft hardware developer accounts after drivers signed through their profiles were used in cyberattacks, including ransomware incidents. "Microsoft was informed that ...
ZDNet

These hackers used Microsoft-signed malicious drivers to further their ransomware attacks

Security firms have reported that multiple hacking groups have been using drivers signed by Microsoft in a series of attacks, including the deployment of Cuba ransomware. That development matters ...
Bleeping Computer

Malicious Windows kernel drivers used in BlackCat ransomware attacks

The ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks. The driver seen by Trend Micro is an ...
Dark Reading

Microsoft-Signed Malicious Drivers Usher In EDR-Killers, Ransomware

Malicious drivers certified by Microsoft's Windows Hardware Developer Program have been used to juice post-exploitation efforts by cybercriminals, Redmond warned this week — including being used as ...
Dark Reading

Hackers Exploit Policy Loophole in Windows Kernel Drivers

Hackers are using open source tools to exploit a Windows policy loophole for kernel mode drivers to load malicious and unverified drivers with expired certificates, researchers have found. The ...