A sophisticated campaign has weaponized over 2,500 variants of a legitimate security driver to disable endpoint protection before deploying ransomware and remote access trojans. Attackers are abusing truesight.sys, a kernel-mode driver from Adlice Software’s RogueKiller antivirus suite. The legacy version 2.0.2 contains a critical vulnerability allowing arbitrary process termination via IOCTL command 0x22E044. This enables […] The post Hackers Weaponize 2,500+ Security Tools to Disable Endpoint Defenses Before Ransomware Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/ransomware-attacks-4/
