Threat actors have found a way to disable antivirus(opens in new tab) solutions and other endpoint(opens in new tab) protection tools using an increasingly popular method.
Cybersecurity researchers from Sophos recently detailed how the method, known as called Bring Your Own Vulnerable Driver, works, and the dangers it brings to businesses around the world.
According to the company’s research, ransomware operators BlackByte are abusing a vulnerability tracked as CVE-2019-16098. It is found in RTCore64.sys and RTCore32.sys, drivers used by Micro-Star’s MSI AfterBurner 4.6.2.15658. Afterburner is an overclocking utility for GPUs, that gives users more control over the hardware.
