This week’s roundup includes EDR tampering exploits found in the wild, manual fixes for BitLocker, and GitHub leaking authorization tokens.
RansomHub rolls out brand new EDR-killing binary
Link: Dark Reading
RansomHub has introduced a new malware that uses a Bring Your Own Vulnerable Driver (BYOVD) technique to disable Endpoint Detection and Response (EDR) systems. This approach exploits legitimate but vulnerable drivers to evade detection, posing a significant challenge to cybersecurity defenses. The development underscores the growing sophistication of ransomware attacks.
Microsoft disables BitLocker security fix
Link: Bleeping Computer
Microsoft has disabled a security fix intended to block attacks on BitLocker because of the problems it caused, including preventing the encryption feature from working correctly on some systems. Microsoft now advises users to apply manual mitigations against these attacks while it works on a more stable solution. It’s also important to note that this exploit requires the attacker to have physical access to the encrypted device.
GitHub Actions artifacts found leaking authorization tokens
Link: Bleeping Computer
A security issue was discovered in GitHub Actions where build artifacts from some popular projects were found to contain authentication tokens. These tokens could allow unauthorized access to various systems. The problem arose from incorrect workflow configurations that led to sensitive information being bundled into publicly downloadable artifacts and logs. GitHub is addressing the issue, and developers are advised to review their workflows to ensure that secrets are properly secured.
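One practical review step for the artifact problem above is to scan the files a workflow is about to upload for GitHub token formats before they leave the runner. The following is an added example written for this roundup, not code from GitHub or from any of the affected projects; the token prefixes are GitHub's publicly documented ones, and the sample artifact directory and the token inside it are constructed.

```python
import re
import tempfile
from pathlib import Path

# GitHub's documented token prefixes: ghp_/gho_/ghu_/ghs_/ghr_ (36 chars after
# the prefix) and github_pat_ fine-grained tokens (82 chars after the prefix).
TOKEN_PATTERNS = [
    re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}\b"),
    re.compile(r"\bgithub_pat_[A-Za-z0-9_]{82}\b"),
]


def find_tokens(text):
    """Return every substring of `text` that looks like a GitHub token."""
    return [m.group(0) for pat in TOKEN_PATTERNS for m in pat.finditer(text)]


def redact(token):
    """Keep only the prefix and last four characters so findings can be logged safely."""
    return token[:4] + "..." + token[-4:]


def scan_artifact_dir(root):
    """Walk an artifact staging directory (dotfiles included, so .git/config is
    covered) and return (relative path, redacted token) pairs for every hit."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file; skip rather than abort the scan
        for tok in find_tokens(text):
            findings.append((str(path.relative_to(root)), redact(tok)))
    return findings


def demo():
    """Constructed artifact directory: a clean report plus a .git/config that
    carries a fake installation token of the right shape (not a real secret)."""
    fake_token = "ghs_" + "0123456789abcdefghijklmnopqrstuvwxyz"
    with tempfile.TemporaryDirectory() as tmp:
        git_dir = Path(tmp, ".git")
        git_dir.mkdir()
        (git_dir / "config").write_text(f"[remote \"origin\"]\n\turl = https://x-access-token:{fake_token}@github.com/org/repo\n")
        Path(tmp, "report.txt").write_text("build ok\n")
        return scan_artifact_dir(tmp)


if __name__ == "__main__":
    for rel_path, tok in demo():
        print(f"token-like value in {rel_path}: {tok}")
```

A workflow can run this as a step over the staging directory and fail the job when `scan_artifact_dir` returns anything, so the upload never happens with a token inside.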