October 8, 2022 By Pierluigi Paganini
The BlackByte ransomware operators are leveraging a flaw in a legitimate Windows driver to bypass security solutions.
Researchers from Sophos warn that BlackByte ransomware operators are using a "bring your own vulnerable driver" (BYOVD) attack to bypass security products.
In BYOVD attacks, threat actors abuse vulnerabilities in legitimate, signed drivers, on which security products rely, to achieve successful kernel-mode exploitation.