Microsoft Revokes Malicious Drivers in Patch Tuesday Culling

Credit to Author: Andrew Brandt | Date: Tue, 11 Jul 2023 17:20:38 +0000

In December 2022, Microsoft published their monthly Windows Update packages that included an advisory about malicious drivers, signed by Microsoft and other code-signing authorities, that Sophos X-Ops (and others) observed threat actors abusing during attacks. Today, Microsoft issued Security Advisory ADV230001 as part of their July Windows Update that addresses Sophos’ discovery of more than […]


Signed driver malware moves up the software trust chain

Credit to Author: Andrew Brandt | Date: Tue, 13 Dec 2022 18:00:15 +0000

The criminals signed their AV-killer malware, closely related to one known as BURNTCIGAR, with a legitimate WHCP certificate
