Cyber Bits · 2 min read

Cyber Bits: August 19

This week’s roundup covers an EDR-killing tool found in the wild, manual mitigations replacing a withdrawn BitLocker fix, and GitHub Actions artifacts leaking authorization tokens.

RansomHub rolls out brand new EDR-killing binary

Link: Dark Reading

RansomHub affiliates have been observed deploying a new EDR-killing malware that uses the Bring Your Own Vulnerable Driver (BYOVD) technique: it loads a legitimately signed but exploitable driver into the kernel and abuses it to terminate or blind Endpoint Detection and Response (EDR) agents. Because the driver carries a valid signature, driver-signature enforcement alone does not stop it; defenders should rely on vulnerable-driver blocklists and on detecting driver loads from unusual paths rather than on signature checks. The development underscores the growing sophistication of ransomware operations.
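One way to hunt for this pattern in telemetry, as an added example that is not from the article or from any RansomHub tooling: parse Sysmon Event ID 6 (DriverLoad) records and flag a driver when its hash is on a vulnerable-driver blocklist, when it loads from outside the normal driver directories, or when it is unsigned. The events, driver names, signer names and blocklist hashes below are constructed placeholders, and the flattened `key=value|key=value` record layout is an assumption about how the events were exported.

```python
"""Added example (not from the article): flag BYOVD-style driver loads in
Sysmon Event ID 6 records. Every sample event, driver name, signer and hash
here is a constructed placeholder, not a real driver or blocklist entry."""
import re
from dataclasses import dataclass

# Hypothetical blocklist of SHA256 hashes of known-vulnerable signed drivers.
# In practice populate this from Microsoft's vulnerable driver blocklist or
# the LOLDrivers project; these values are made up for the example.
VULNERABLE_DRIVER_SHA256 = {
    "0" * 63 + "1",
    "0" * 63 + "2",
}

# Directories from which drivers legitimately load on most Windows hosts.
TRUSTED_DRIVER_DIRS = (
    "c:\\windows\\system32\\drivers\\",
    "c:\\windows\\system32\\driverstore\\",
)


@dataclass
class DriverLoad:
    image: str
    sha256: str
    signed: bool
    signature: str


def parse_event(line: str) -> DriverLoad:
    """Parse one flattened Sysmon Event ID 6 record (assumed key=value|... layout).
    Sysmon's Hashes field itself is a comma-separated list such as SHA256=...,MD5=..."""
    fields = dict(re.findall(r"(\w+)=([^|]*)", line))
    hashes = dict(
        h.split("=", 1) for h in fields.get("Hashes", "").split(",") if "=" in h
    )
    return DriverLoad(
        image=fields["ImageLoaded"],
        sha256=hashes.get("SHA256", "").lower(),
        signed=fields.get("Signed", "false").lower() == "true",
        signature=fields.get("Signature", ""),
    )


def classify(ev: DriverLoad) -> list[str]:
    """Return the reasons a driver load is suspicious (empty list means benign)."""
    reasons = []
    if ev.sha256 in VULNERABLE_DRIVER_SHA256:
        reasons.append("known-vulnerable driver hash")
    if not ev.image.lower().startswith(TRUSTED_DRIVER_DIRS):
        reasons.append(f"loaded from unusual path {ev.image}")
    if not ev.signed:
        reasons.append("unsigned driver")
    return reasons


def scan(lines: list[str]) -> dict[str, list[str]]:
    """Map each suspicious driver image path to the reasons it was flagged."""
    findings = {}
    for line in lines:
        ev = parse_event(line)
        reasons = classify(ev)
        if reasons:
            findings[ev.image] = reasons
    return findings


# Constructed sample events. The second one is the BYOVD case: validly signed,
# but on the blocklist and dropped into a user-writable directory.
SAMPLE_EVENTS = [
    "EventID=6|ImageLoaded=C:\\Windows\\System32\\drivers\\ndis.sys"
    "|Hashes=SHA256=" + "a" * 64 + "|Signed=true|Signature=Microsoft Windows",
    "EventID=6|ImageLoaded=C:\\Users\\Public\\updater\\vulndrv.sys"
    "|Hashes=SHA256=" + "0" * 63 + "1" + "|Signed=true|Signature=Example Vendor Ltd",
    "EventID=6|ImageLoaded=C:\\Windows\\Temp\\helper.sys"
    "|Hashes=SHA256=" + "b" * 64 + "|Signed=false|Signature=",
]

if __name__ == "__main__":
    for image, reasons in scan(SAMPLE_EVENTS).items():
        print(f"ALERT {image}: {'; '.join(reasons)}")
```

The third sample shows why the path and signature checks matter alongside the blocklist: a driver whose hash nobody has catalogued yet is still worth an alert when it is unsigned or loads from a temp directory.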

Microsoft disables BitLocker security fix

Link: Bleeping Computer

Microsoft has disabled a security fix intended to block attacks on BitLocker because of the problems it caused, including preventing the encryption feature from working correctly on some systems. Until a more stable fix ships, Microsoft advises administrators to apply the manual mitigations it has published. Note that the attack requires physical access to the encrypted device, so the exposure is mainly laptops and other devices that can be lost or stolen.

GitHub Actions artifacts found leaking authorization tokens

Link: Bleeping Computer

A security issue was found in GitHub Actions where build artifacts from several popular projects exposed authentication tokens. The root cause was workflow misconfiguration rather than a flaw in GitHub itself: jobs uploaded their entire working directory, including files that hold the job's GitHub token, as artifacts that anyone can download from a public repository. A leaked token can allow unauthorized access to repositories and to the systems they deploy to. GitHub is addressing the issue, and developers are advised to review their workflows to ensure that secrets never end up in anything that is uploaded as an artifact.
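An added example, not from the article, from GitHub or from the researchers who reported the issue, of how to check your own artifacts for this leak: unzip a downloaded artifact in memory and scan every member for GitHub token formats, including the job token that actions/checkout stores base64-encoded in `.git/config` as an `AUTHORIZATION: basic` extraheader when `persist-credentials` is left at its default. The artifact is constructed inline and the tokens in it are made-up placeholders of the right shape, not real credentials.

```python
"""Added example (not from the article, GitHub, or the original researchers):
scan a GitHub Actions artifact zip for leaked GitHub tokens. The artifact and
the tokens inside it are constructed placeholders, not real credentials."""
import base64
import io
import re
import zipfile

# GitHub token prefixes: ghp_ (classic PAT), ghs_ (app installation token,
# which is what a workflow's GITHUB_TOKEN is), gho_/ghu_/ghr_ (OAuth, user,
# refresh) and github_pat_ (fine-grained PAT).
TOKEN_RE = re.compile(
    r"\b(?:gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{22,})\b"
)

# actions/checkout (persist-credentials: true, the default) writes the job
# token into .git/config as: AUTHORIZATION: basic base64("x-access-token:<token>")
EXTRAHEADER_RE = re.compile(
    r"AUTHORIZATION:\s*basic\s+([A-Za-z0-9+/=]+)", re.IGNORECASE
)

FAKE_JOB_TOKEN = "ghs_" + "FAKE" + "0" * 32  # constructed: 36 chars after prefix
FAKE_PAT = "ghp_" + "FAKE" + "1" * 32        # constructed


def build_sample_artifact() -> bytes:
    """Construct an artifact that mirrors the misconfiguration: the whole
    working tree was uploaded, .git/config and a build log included."""
    git_config = (
        '[http "https://github.com/"]\n'
        "\textraheader = AUTHORIZATION: basic "
        + base64.b64encode(f"x-access-token:{FAKE_JOB_TOKEN}".encode()).decode()
        + "\n"
    )
    build_log = f"npm publish --token {FAKE_PAT}\n+ published example@1.0.0\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(".git/config", git_config)
        zf.writestr("logs/build.log", build_log)
        zf.writestr("README.md", "# example\nno secrets here\n")
    return buf.getvalue()


def find_tokens(text: str) -> set[str]:
    """Find literal tokens plus tokens hidden inside git extraheader values."""
    found = set(TOKEN_RE.findall(text))
    for b64 in EXTRAHEADER_RE.findall(text):
        try:
            decoded = base64.b64decode(b64).decode("utf-8", errors="replace")
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        found.update(TOKEN_RE.findall(decoded))
    return found


def scan_artifact(data: bytes) -> dict[str, set[str]]:
    """Return {member path: tokens found}, omitting members with nothing."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            text = zf.read(name).decode("utf-8", errors="replace")
            tokens = find_tokens(text)
            if tokens:
                findings[name] = tokens
    return findings


if __name__ == "__main__":
    for member, tokens in scan_artifact(build_sample_artifact()).items():
        # Print only a prefix: a scanner should never echo a full secret.
        print(f"{member}: {len(tokens)} token(s), e.g. {next(iter(tokens))[:8]}...")
```

If the scanner finds anything, treat the token as compromised and rotate it. The workflow-side fixes are to set `persist-credentials: false` on actions/checkout when later steps do not need the token, and to upload only the specific files a job needs rather than the whole working directory.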

Read next

Cyber Bits: October 21

In this week's Cyber Bits, Internet Archive faces another breach, Microsoft sets up Azure tenant honeypots, ransomware attacks are using ESET's name, Microsoft may have lost some security logs, and North Korea is targeting companies looking for temporary IT workers.

Cyber Bits: October 14

In this week's Cyber Bits, Microsoft deprecates VPN protocols, OpenAI confirms what everyone already knew about bad guys using ChatGPT for malware, SOC teams lament alert fatigue, qualified personnel gaps in cloud and cyber, and how to build cyber resilience for SMBs.