VulnHub

Real-time Cybersecurity News

EDR killer tool uses signed kernel driver from forensic software

BleepingComputer
Actively Exploited
Malware

Overview

Hackers have been exploiting a previously legitimate EnCase kernel driver, which had been revoked, to create a tool that targets endpoint detection and response (EDR) solutions. This EDR killer can identify and disable 59 different security products, putting organizations at significant risk. The use of a signed driver adds a layer of legitimacy to the attack, making it harder for security systems to detect the malicious activity. This incident raises concerns for companies relying on these security tools, as attackers can effectively bypass defenses and compromise systems. It's crucial for organizations to be aware of this tactic and take steps to reinforce their security measures against such threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: 59 security tools, including various EDR solutions
  • Action Required: Organizations should review their security configurations and consider updating or patching their EDR tools.
  • Timeline: Newly disclosed

Original Article Summary

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. [...]

Impact

59 security tools, including various EDR solutions

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should review their security configurations and consider updating or patching their EDR tools. Regularly monitoring for unusual activity and implementing additional layers of security may also help mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Bot traffic makes up 49% of online activity, but 99% of bots unwanted

SCM feed for Latest

A recent study reveals that nearly half of all online activity, about 49%, is generated by bots, with a staggering 99% of those bots being unwanted. Researchers have pointed out that malicious bots often mimic trusted user agents to hide their true purpose, which can lead to various security issues for websites and online services. This kind of activity can skew analytics, facilitate fraud, and potentially compromise sensitive data. Businesses and website owners need to be aware of these threats and implement measures to detect and block these malicious bots effectively. The implications are significant, as the growing prevalence of unwanted bot traffic can harm user experience and undermine trust in online platforms.

Apr 17, 2026

Coast Guard's New Cybersecurity Rules Offers Lessons for CISOs

darkreading

The Coast Guard has introduced new cybersecurity rules as part of the Maritime Transportation Security Act (MTSA), which focuses on securing operational technology (OT) systems. These requirements include the development of protective plans for OT systems, mandatory audits by independent third parties, and the establishment of a hybrid role for OT security. This shift aims to bolster the cybersecurity posture of maritime operations, which have become increasingly vulnerable to cyber threats. Companies operating in the maritime sector need to comply with these regulations to protect their systems and ensure the safety of maritime transportation. The emphasis on independent audits and specialized roles indicates a serious approach to addressing the unique challenges posed by cyber risks in this industry.

Apr 17, 2026

DDoS-For-Hire Services Disrupted by International Police Action in ‘Operation PowerOff’

Infosecurity Magazine

In a significant crackdown on online crime, international law enforcement agencies, including the FBI and Europol, launched ‘Operation PowerOff’ to disrupt DDoS-for-hire services. This operation involved seizing critical infrastructure used by these services and making several arrests. Additionally, authorities sent warning letters to individuals known to have used these DDoS services, signaling a strong stance against such illicit activities. DDoS attacks, which overwhelm websites and networks to render them unusable, have been a growing concern for businesses and organizations worldwide. By targeting these services, law enforcement aims to reduce the frequency of these attacks and deter potential users from engaging with them.

Apr 17, 2026

New ZionSiphon Malware Discovered Targeting Israeli Water Systems

Hackread – Cybersecurity News, Data Breaches, AI and More

Researchers from Darktrace have discovered a new malware strain called ZionSiphon that specifically targets water treatment facilities in Israel. This malware poses a significant risk to the operational technology (OT) systems that manage water resources, potentially disrupting essential services. The identification of ZionSiphon raises alarms about the security of critical infrastructure, particularly in regions that may be vulnerable to cyberattacks. The malware's focus on water systems indicates a troubling trend where attackers are increasingly aiming at vital public utilities. This incident underscores the need for heightened cybersecurity measures in the OT sector to protect against such targeted threats.

Apr 17, 2026

Recent Apache ActiveMQ Vulnerability Exploited in the Wild

SecurityWeek

A remote code execution vulnerability, identified as CVE-2026-34197, was discovered in Apache ActiveMQ in early April. This vulnerability allows attackers to execute arbitrary code on affected systems, posing a significant risk to organizations using this messaging platform. As of now, it has been actively exploited in the wild, which raises concerns for users who have not yet applied necessary security measures. Companies that rely on Apache ActiveMQ should prioritize updating their systems to mitigate the risk of this vulnerability. The situation underscores the need for ongoing vigilance in maintaining software security to protect sensitive data and infrastructure from potential breaches.

Apr 17, 2026

CISA flags Apache ActiveMQ flaw as actively exploited in attacks

BleepingComputer

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a significant vulnerability in Apache ActiveMQ that is currently being exploited by attackers. This flaw, which had remained undetected for 13 years, was patched earlier this month. ActiveMQ, widely used for messaging in enterprise applications, is at risk, meaning organizations that rely on this software could be compromised if they haven't applied the recent update. The urgency of the situation is underscored by the fact that attackers are actively leveraging this vulnerability, making it crucial for users to take immediate action to secure their systems. Companies using ActiveMQ should prioritize updating to the latest version to protect against potential intrusions.

Apr 17, 2026