-
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines.
- August 06, 2025
- 04:15 PM
0
-
Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks
Microsoft had discovered five Paragon Partition Manager BioNTdrv.sys driver flaws, with one used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows.
- March 01, 2025
- 10:17 AM
4
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
New SteelFox malware hijacks Windows PCs using vulnerable driver
A new malicious package called 'SteelFox' mines for cryptocurrency and steals credit card data by using the "bring your own vulnerable driver" technique to get SYSTEM privileges on Windows machines.
- November 06, 2024
- 12:53 PM
- 0
-
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems.
- August 19, 2024
- 11:32 PM
- 2
-
Ransomware gang deploys new malware to kill security software
RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks
- August 15, 2024
- 02:01 PM
- 1
-
Lazarus hackers exploited Windows zero-day to gain Kernel privileges
North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques.
- February 28, 2024
- 12:24 PM
- 1
-
Kasseika ransomware uses antivirus driver to kill other antiviruses
A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files.
- January 23, 2024
- 02:58 PM
- 0
-
MATA malware framework exploits EDR in attacks on defense firms
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
- October 18, 2023
- 11:17 AM
- 0
-
Windows 10 KB5028244 update released with 19 fixes, improved security
Microsoft has released the optional KB5028244 Preview cumulative update for Windows 10 22H2 with 19 fixes or changes, including an update to the Vulnerable Driver Blocklist to block BYOVD attacks.
- July 26, 2023
- 01:04 PM
- 9
-
Terminator antivirus killer is a vulnerable Windows driver in disguise
A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" on the Russian-speaking forum RAMP (short for Russian Anonymous Marketplace).
- May 31, 2023
- 03:25 PM
- 0
-
Ransomware gangs abuse Process Explorer driver to kill security software
Threat actors use a new hacking tool dubbed AuKill to disable Endpoint Detection & Response (EDR) Software on targets' systems before deploying backdoors and ransomware in Bring Your Own Vulnerable Driver (BYOVD) attacks.
- April 19, 2023
- 01:46 PM
- 5
-
Hackers backdoor Windows devices in Sliver and BYOVD attacks
A new hacking campaign exploits Sunlogin flaws to deploy the Sliver post-exploitation toolkit and launch Windows Bring Your Own Vulnerable Driver (BYOVD) attacks to disable security software.
- February 06, 2023
- 04:00 PM
- 0
-
Scattered Spider hackers use old Intel driver to bypass security
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products.
- January 11, 2023
- 04:55 PM
- 6
-
Microsoft fixes Windows vulnerable driver blocklist sync issue
Microsoft says it addressed an issue preventing the Windows kernel vulnerable driver blocklist from being synced to systems running older Windows versions.
- October 26, 2022
- 05:22 AM
- 3
-
The Week in Ransomware - October 7th 2022 - A 20 year sentence
It was a very quiet week regarding ransomware news, with the most significant news being the sentencing of a Netwalker affiliate to 20-years in prison.
- October 07, 2022
- 06:14 PM
- 0
-
BlackByte ransomware abuses legit driver to disable security products
The BlackByte ransomware gang is using a new technique that researchers are calling "Bring Your Own Driver," which enables bypassing protections by disabling more than 1,000 drivers used by various security solutions.
- October 05, 2022
- 03:44 PM
- 0
-
Lazarus hackers abuse Dell driver bug using new FudModule rootkit
The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.
- October 01, 2022
- 10:05 AM
- 0
