BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
BTC $70823.7516
ETH $3531.0259
BNB $621.2790
SOL $172.6448
stETH $3527.9907
XRP $0.6083
DOGE $0.1997
TON $7.2456
ADA $0.5853
AVAX $46.2175
wstETH $4100.4456
DOT $8.4402
BCH $607.1354
WETH $3536.6758
WBTC $70909.4458
TRX $0.1219
LINK $17.6560
MATIC $0.8809
UNI $9.0821
ICP $15.6959
LTC $97.8636
CAKE $3.7041
DAI $0.9996
IMX $2.5675
ETC $33.6641
RNDR $9.1096
FIL $8.1342
STX $2.9994
MNT $1.2895
NEAR $6.8343
TAO $615.5692
VET $0.0503
ATOM $10.8915
HBAR $0.0996
OKB $56.9032
FDUSD $1.0028
WIF $3.3890
KAS $0.1440
MKR $3344.9389
PEPE $0.0000
GRT $0.3114
THETA $2.8807
INJ $31.7467
FET $2.5067
XLM $0.1297
XMR $134.0517
USDE $1.0001
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • Grouping BlackByte in search of a powerful graphics card


    Sophos researchers warn that BlackByte operators are using a Bring Your Own Vulnerable Driver (BYOVD) attack to bypass security products.

    According to Sophos analysis, attackers use a vulnerability in the legitimate Windows driver "Micro-Star MSI Afterburner RTCore64.sys" to bypass security software. This is a privilege escalation and arbitrary code execution vulnerability CVE-2019-16098 (CVSS score: 7.8).

    The "RTCore64.sys" and "RTCore32.sys" drivers are actively used by the "Micro-Star MSI AfterBurner 4.6.2.15658" utility, which allows you to expand control over video cards. An authenticated hacker could use CVE-2019-16098 to read and write to arbitrary memory, I/O ports, and the MSR partition, which could lead to privilege escalation and information disclosure. The experts explained that signed drivers can also be used to bypass Microsoft's driver signing policy to deploy malware.

    This attack method is called BYOVD (Bring Your Own Vulnerable Driver). This method allows an attacker with administrative privileges to easily bypass Windows kernel security. Instead of writing an exploit from scratch, a cybercriminal simply installs a third-party driver with known vulnerabilities. It then uses these vulnerabilities to gain instant access to some of the most protected areas of Windows.

    Sophos has identified numerous similarities between the latest BlackByte ransomware and the EDR bypass implementation used by the open source tool EDRSandblast. The tool allows vulnerable signed drivers to be abused to bypass security systems and avoid detection.

    Security researchers have also defined kernel routines to disable ETW (Event Tracing for Windows), a mechanism for tracking and logging events fired by user-mode applications and kernel-mode drivers.

    Author DeepWeb
    Hackers spread malware in blank images
    Pakistan hit by massive power outage across the country

    Comments 0

    Add comment