Hackers Use Stolen Certificates to Bypass Endpoint Detection and Response. A Russian-speaking ransomware group has been deploying a malicious Windows PE driver that imitates a legitimate CrowdStrike Falcon driver to bypass endpoint security, warn researchers. The driver disables endpoint detection and response software by stripping process protections.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/medusa-ransomware-brings-its-own-vulnerable-driver-a-27813
