all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

SCATTERED SPIDER Exploits Windows Security Deficiencies with Bring-Your-Own-Vulnerable-Driver Tactic in Attempt to Bypass Endpoint Security

Add to bookmarks
c
March 10, 2023, 12:28 a.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by CrowdStrike. In December 2022, CrowdStrike reported on a campaign by SCATTERED SPIDER, targeting organizations within the telecom and business process outsourcing (BPO) sectors with an end objective of gaining access to mobile carrier networks.In the weeks since that post, the CrowdStrike Falcon® platform prevented a novel attempt by SCATTERED SPIDER to deploy a malicious kernel driver through a vulnerability (CVE-2015-2291) in the Intel Ethernet diagnostics driver.The...

access business bypass campaign carrier crowdstrike crowdstrike falcon cve december driver end endpoint endpoint security exploits falcon kernel kernel driver malicious mobile mobile carrier networks novel organizations outsourcing own platform process scattered spider security tactic targeting telecom vulnerability vulnerable windows windows security

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
AI Hallucinations: The Emerging Market for Insuring Against Generative AI's Costly Blunders 2 days, 23 hours ago | cloudsecurityalliance.org
ai governance ai hallucinations blog chair +16
Cl
Why Business Risk Should be Your Guiding North Star for Remediation 3 days ago | cloudsecurityalliance.org
adoption agile attack attack surface +19
Cl
Upselling Cybersecurity: Why Baseline Security Features Shouldn’t Be a Commodity 3 days ago | cloudsecurityalliance.org
accountability advisory barr advisory consulting +23
Cl
Breach Debrief: The Fake Slackbot 6 days, 22 hours ago | cloudsecurityalliance.org
abusing adaptive shield breach design +15
Cl
Understanding the Nuances: Privacy and Confidentiality 6 days, 22 hours ago | cloudsecurityalliance.org
age american businesses clients +19
Cl
What’s in a Name? Defining Zero Trust for Leaders 6 days, 22 hours ago | cloudsecurityalliance.org
analyst board business concept +17
Cl
Are You Ready for Microsoft Copilot? 6 days, 23 hours ago | cloudsecurityalliance.org
ai chatbot chatbot copilot customers +13
Cl
Implementing a Data-Centric Approach to Security 6 days, 23 hours ago | cloudsecurityalliance.org
access access governance can cto +13
Cl
Cloud Security Alliance (CSA) AI Summit at RSAC to Deliver Critical Tools to Help Meet … 1 week, 2 days ago | cloudsecurityalliance.org
advice alliance april benefits +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Physical Security Operations Center - Supervisor

@ Equifax | USA-GA-Alpharetta-JVW3
View on infosec-jobs.com

Network Cybersecurity Engineer - Overland Park, KS Hybrid

@ Black & Veatch | Overland Park, KS, US
View on infosec-jobs.com

Cloud Security Engineer

@ Point72 | United States
View on infosec-jobs.com

Technical Program Manager, Security and Compliance, Cloud Compute

@ Google | New York City, USA; Kirkland, WA, USA
View on infosec-jobs.com

EWT Security | Vulnerability Management Analyst - AM

@ KPMG India | Gurgaon, Haryana, India
View on infosec-jobs.com
View more jobs