Ransomware Group Uses Vulnerability to Bypass EDR Products

The BlackByte ransomware group is actively exploiting a vulnerability in RTCore32.sys and RTCore64.sys, the drivers of a widely used graphic card utility called Micro-Star MSI AfterBurner (version 4.6.2.15658). Recorded as CVE-2019-16098, the flaw allows any authenticated user to read and write to arbitrary memory, I/O ports and model-specific registers (MSRs). Cybercriminals can abuse it to […]

The post Ransomware Group Uses Vulnerability to Bypass EDR Products appeared first on eSecurityPlanet.

This article has been indexed from eSecurityPlanet

Read the original article: