Why a decade-old EnCase driver still works as an EDR killer

Attackers are leaning on a new EDR killer malware that can shut down 59 widely used endpoint security products by misusing a kernel driver that once shipped with Guidance Software’s EnCase digital forensics tool, Huntress researchers warn. The driver itself is legitimate, but its code-signing certificate expired and was revoked more than ten years ago. Even so, Windows still allows it to load. Huntress’ security experts spotted this intrusion earlier this month, and discovered …

The post Why a decade-old EnCase driver still works as an EDR killer appeared first on Help Net Security.