The Canadian Centre for Cyber Security issued an advisory highlighting unspecified vulnerabilities in Google Chrome for Desktop. Administrators are urged to update Windows, Mac, and Linux clients to the latest stable channel releases to mitigate potential exploitation.
Threat actors are actively abusing the QEMU hardware emulator to create hidden virtual machines on compromised hosts, effectively shielding their attack toolkits from endpoint detection and response (EDR) solutions. Recent campaigns, including those linked to the PayoutsKing ransomware group, leverage this technique alongside vulnerability exploitation and legitimate remote access tools to establish persistence, harvest credentials, and exfiltrate data.
Threat actors breached a network via compromised SonicWall SSLVPN credentials and deployed a sophisticated EDR killer to blind endpoint security prior to a planned ransomware deployment. The malware utilizes a Bring Your Own Vulnerable Driver (BYOVD) technique, dropping a revoked EnCase forensic driver encoded with a novel wordlist substitution cipher to terminate 59 different security processes directly from kernel mode.