
Silent Killers Exploit Windows Policy Loophole to Evade Detections and Deploy Malware

Researchers discovered a cybersecurity campaign that exploits a loophole in a Windows policy to deploy malware undetected. The attack uses an old driver, Truesight.sys (version 2.0.2), from Adlice's RogueKiller Antirootkit suite, which is known to contain vulnerabilities that let attackers bypass security software. The attackers manipulated the driver's digital signature to avoid detection, producing over 2,500 variants. The campaign, active since 2024, mainly targets China and abuses a past Microsoft exception that allows older drivers to load on newer Windows versions. Microsoft has since updated its driver blocklist to cover all Truesight driver variants.

Source: gbhackers.com
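A defender-side inventory check to go with the summary above, added here as an example and not taken from the article or from Adlice: it enumerates the registered kernel drivers on a Windows host, flags any Truesight.sys binary, and reports its file version and Authenticode status. Because the campaign produced thousands of variants with manipulated signatures, a "Valid" signature result is not treated as clearing the file; the 2.0.2 version match and the driver name are the indicators, and the blocklist update from Microsoft remains the real mitigation.

```powershell
# Added example (not from the article). Assumes Windows PowerShell 5+ run from an
# elevated prompt so every driver path is readable.
function Find-TruesightDriver {
    foreach ($drv in Get-CimInstance Win32_SystemDriver) {
        $path = $drv.PathName
        if (-not $path) { continue }
        # PathName may carry NT-style prefixes; normalise to a plain filesystem path.
        $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
        if (-not [IO.Path]::IsPathRooted($path)) { $path = Join-Path $env:SystemRoot $path }
        if ([IO.Path]::GetFileName($path) -ine 'truesight.sys') { continue }

        $ver = (Get-Item -LiteralPath $path -ErrorAction SilentlyContinue).VersionInfo
        $sig = Get-AuthenticodeSignature -FilePath $path
        [pscustomobject]@{
            Service     = $drv.Name
            State       = $drv.State
            Path        = $path
            FileVersion = if ($ver) { $ver.FileVersion } else { 'unknown' }
            # Signature status is reported for context only: the variants described in
            # the article carried manipulated signatures, so 'Valid' does not clear the file.
            SigStatus   = $sig.Status
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { 'none' }
            # The abused build is 2.0.2; flag it explicitly for triage priority.
            Is202Build  = [bool]($ver -and $ver.FileVersion -like '2.0.2*')
        }
    }
}

$hits = @(Find-TruesightDriver)
if ($hits.Count -gt 0) {
    $hits | Format-List
} else {
    'No Truesight.sys driver is registered on this host.'
}
```

Any hit should be cross-checked against the current Microsoft vulnerable driver blocklist rather than cleared on the signature result alone.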
