VulnHub

Real-time Cybersecurity News

EDR killer tool uses signed kernel driver from forensic software

BleepingComputer
Actively Exploited
Malware

Overview

Hackers have been exploiting a previously legitimate EnCase kernel driver, which had been revoked, to create a tool that targets endpoint detection and response (EDR) solutions. This EDR killer can identify and disable 59 different security products, putting organizations at significant risk. The use of a signed driver adds a layer of legitimacy to the attack, making it harder for security systems to detect the malicious activity. This incident raises concerns for companies relying on these security tools, as attackers can effectively bypass defenses and compromise systems. It's crucial for organizations to be aware of this tactic and take steps to reinforce their security measures against such threats.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: 59 security tools, including various EDR solutions
  • Action Required: Organizations should review their security configurations and consider updating or patching their EDR tools.
  • Timeline: Newly disclosed

Original Article Summary

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in attempts to deactivate them. [...]

Impact

59 security tools, including various EDR solutions

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should review their security configurations and consider updating or patching their EDR tools. Regularly monitoring for unusual activity and implementing additional layers of security may also help mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Malware.

Read Original Article

Related Coverage

Chinese Mustang Panda Used Fake Diplomatic Briefings to Spy on Officials

Hackread – Cybersecurity News, Data Breaches, AI and More

Mustang Panda, a Chinese cyber espionage group, has launched a new campaign using fake US diplomatic briefings to spy on government officials. This operation involves sending these deceptive briefings via email to target individuals, aiming to gather sensitive information. Researchers have pointed out that the attackers are specifically looking for data related to national security and foreign policy. This tactic not only compromises the privacy of officials but also poses a risk to national security as it can lead to the leakage of classified information. Understanding these methods is crucial for government entities to bolster their defenses against such espionage efforts.

Feb 4, 2026

Cyber Insights 2026: Cyberwar and Rising Nation State Threats

SecurityWeek

The article discusses the anticipated increase in cyberwarfare by 2026, suggesting that nation-state actors will ramp up their cyber operations significantly. While the hope is that these tensions won't escalate into full-blown conflicts, the potential consequences of such cyber activities are concerning. The piece emphasizes the need for awareness around these threats, as they could impact various sectors and critical infrastructure. As nation-states enhance their cyber capabilities, organizations and governments must remain vigilant to mitigate the risks associated with these evolving tactics. Overall, it serves as a reminder of the growing importance of cybersecurity in the geopolitical landscape.

Feb 4, 2026

OpenClaw agents targeted with 341 malicious ClawHub skills

SCM feed for Latest

Recent reports indicate that OpenClaw agents have been targeted with 341 malicious skills linked to ClawHub, a platform for voice-enabled applications. Most of these harmful skills were found to deploy malware consistent with Atomic Stealer, which primarily affects Mac machines. This type of malware is designed to steal sensitive information, such as passwords and financial details, posing significant risks to users. The proliferation of these malicious skills raises concerns about the security of voice assistant platforms, highlighting the need for increased vigilance among developers and users alike. Companies are urged to monitor their systems closely and implement stronger security measures to protect against these threats.

Feb 4, 2026

Owner of Incognito dark web drugs market gets 30 years in prison

BleepingComputer

A Taiwanese man has been sentenced to 30 years in prison for running Incognito Market, a major dark web platform that facilitated the sale of over $105 million in illegal drugs globally. The market operated for several years, connecting buyers and sellers in a largely anonymous online environment. Authorities have emphasized the significance of this case in combating the proliferation of illegal drug trade online. The sentencing serves as a stern warning to others involved in similar activities, highlighting the ongoing efforts to dismantle dark web marketplaces that contribute to the trafficking of narcotics. This incident underscores the challenges law enforcement faces in regulating online criminal activities and the need for continued vigilance in cybersecurity measures.

Feb 4, 2026

Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil

darkreading

Recent vulnerabilities in Google Looker have raised serious concerns about security, particularly regarding cross-tenant remote code execution (RCE) and data exfiltration. Attackers could exploit these flaws to gain access to environments of other Google Cloud Platform (GCP) tenants by leveraging a compromised Looker user account. This means that sensitive data from multiple organizations could potentially be at risk, making it a significant threat for businesses relying on GCP services. The findings underscore the need for users and companies to review their security practices and ensure that they are protected against unauthorized access. As vulnerabilities like these can lead to major data breaches, prompt action is essential to safeguard sensitive information.

Feb 4, 2026

The First 90 Seconds: How Early Decisions Shape Incident Response Investigations

The Hacker News

The article discusses how the initial moments of an incident response can significantly impact the outcome of an investigation. It emphasizes that many failures in incident response are not due to a lack of tools or expertise but rather the decisions made immediately after detecting an incident. High-pressure situations and incomplete information can lead teams to lose control over their investigations, even when they have the capability to manage the intrusion effectively. The author shares experiences of both successful recoveries and failures, underscoring the need for clear protocols and calm decision-making during the critical first 90 seconds after an incident is detected. This insight is essential for organizations looking to improve their incident response processes.

Feb 4, 2026