Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
8 résultats taggé driver  ✕
One-Click RCE in ASUS's Preinstalled Driver Software https://mrbruh.com/asusdriverhub/
14/06/2025 10:10:41
QRCode
archive.org

After ignoring the advice from my friend, I bought a new ASUS motherboard for my PC. I was a little concerned about having a BIOS that would by default silently install software into my OS in the background. But it could be turned off so I figured I would just do that.

DriverHub is an interesting piece of driver software because it doesn’t have any GUI. Instead it’s just a background process that communicates with the website driverhub.asus.com and tells you what drivers to install for your system and which ones need updating. Naturally I wanted to know more about how this website knew what drivers my system needed and how it was installing them, so I cracked open the Firefox network tab.

As I expected, the website uses RPC to talk to the background process running on my system. This is where the background process hosts an HTTP or Websocket service locally which a website or service can connect to by sending an API request to 127.0.0.1 on a predefined port, in this case 53000.

Right about now my elite hacker senses started tingling.

mrbruh EN 2025 ASUS RPC driver-hub Vulnerability Driver
Printer company provided infected software downloads for half a year https://www.gdatasoftware.com/blog/2025/05/38200-printer-infected-software-downloads
16/05/2025 15:12:51
QRCode
archive.org

When Cameron Coward, the Youtuber behind the channel Serial Hobbyism, wanted to review a $6k UV printer and plugged in the USB flash drive with the printer software, the Antivirus software alerted him of a USB-spreading worm and a Floxif infection. Floxif is a file infector that attaches itself to Portable Executable files, so it can spread to network shares, removable drives like USB flash drives or backup storage systems.

The printer company Procolored assured him at first that these were false positives. Nevertheless, Cameron turned to Reddit in the hopes of finding a professional malware analyst who can figure out the truth.

All these software downloads are available on mega.nz with a different mega folder link for each product. Overall, there are 8 GB of files and archives for all six products. Most files were last updated in October 2024, which is six months ago at the time of writing.

gdatasoftware EN 2025 UVprinter printer driver malware Floxif
When Guardians Become Predators: How Malware Corrupts the Protectors https://www.trellix.com/blogs/research/when-guardians-become-predators-how-malware-corrupts-the-protectors/
27/11/2024 09:15:01
QRCode
archive.org

We often trust our security software to stand as an unbreakable wall against malware and attacks, but what happens when that very wall is weaponized against us? Our Trellix Advanced Research Center team recently uncovered a malicious campaign that does just that. Instead of bypassing defenses, this malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda. The malware exploits the deep access provided by the driver to terminate security processes, disable protective software, and seize control of the infected system.

trellix EN 2024 research Avast Anti-Rootkit driver malware aswArPot.sys malware analysis
Windows driver zero-day exploited by Lazarus hackers to install rootkit https://www.bleepingcomputer.com/news/microsoft/windows-driver-zero-day-exploited-by-lazarus-hackers-to-install-rootkit/
20/08/2024 07:11:59
QRCode
archive.org
thumbnail

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems.
#BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day

bleepingcomputer EN 2024 Your Lazarus Own BYOVD Driver Zero-Day Vulnerability Bring CVE-2024-38193 Group Microsoft
It’ll be back: Attackers still abusing Terminator tool and variants https://news.sophos.com/en-us/2024/03/04/itll-be-back-attackers-still-abusing-terminator-tool-and-variants/?ref=news.risky.biz
06/03/2024 06:44:17
QRCode
archive.org
thumbnail

First released in May 2023, an EDR killer – and the vulnerable Zemana drivers it leverages – are still of interest to threat actors, along with variants and ported versions

sophos EN Terminator EDR-killer Zemana driver
Terminator antivirus killer is a vulnerable Windows driver in disguise https://www.bleepingcomputer.com/news/security/terminator-antivirus-killer-is-a-vulnerable-windows-driver-in-disguise/
01/06/2023 19:26:58
QRCode
archive.org
thumbnail

A threat actor known as Spyboy is promoting a Windows defense evasion tool called

bleepingcomputer BYOVD Driver EDR Terminator XDR Security Spyboy XDR
BlackCat Ransomware Deploys New Signed Kernel Driver https://www.trendmicro.com/en_us/research/23/e/blackcat-ransomware-deploys-new-signed-kernel-driver.html
22/05/2023 22:20:27
QRCode
archive.org
thumbnail

In this blog post, we will provide details on a BlackCat ransomware incident that occurred in February 2023, where we observed a new capability, mainly used for the defense evasion phase.

trendmicro EN 2023 ransomware research BlackCat Kernel Driver
Lazarus hackers abuse Dell driver bug using new FudModule rootkit https://www.bleepingcomputer.com/news/security/lazarus-hackers-abuse-dell-driver-bug-using-new-fudmodule-rootkit/
02/10/2022 12:36:22
QRCode
archive.org
thumbnail

The notorious North Korean hacking group 'Lazarus' was seen installing a Windows rootkit that abuses a Dell hardware driver in a Bring Your Own Vulnerable Driver attack.

bleepingcomputer EN 2022 CVE-2021-21551 BYOVD Dell Driver Lazarus-Group Malware North-Korea Rootkit
4503 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio