Hackers Are Abusing This Intel Tool to Disable Windows 11's Built-in Antivirus — Don't Fall for This
UNITED STATES, AUG 6 – Akira and Lynx ransomware groups use stolen administrative credentials and vulnerable drivers to attack over 365 organizations, focusing on managed service providers for broader network access.
6 Articles
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender - National Cyber Security Consulting
Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines. The abused driver is 'rwdrv.sys' (used by ThrottleStop), which the threat actors register as a service to gain kernel-level access. This driver is likely used to load a second driver, […]
Akira And Lynx Ransomware Attacking Managed Service Providers With Stolen Login Credential And Vulnerabilities - Cybernoz - Cybersecurity News
Two sophisticated ransomware operations have emerged as significant threats to managed service providers (MSPs) and small businesses, with the Akira and Lynx groups deploying advanced attack techniques that combine stolen credentials with vulnerability exploitation. These ransomware-as-a-service (RaaS) operations have collectively compromised over 365 organizations, demonstrating their effectiveness in targeting high-value infrastructure provide…
Coverage Details
Bias Distribution
- 100% of the sources are Center