Leaked NVIDIA data is being used to bypass Windows security and attack PCs


    The ongoing drama surrounding the NVIDIA hack by Lapsus$ has another chapter, and it’s putting computers at risk. The ransomware group known as Lapsus$ hacked NVIDIA in February 2022. The group threatened to leak the stolen information if NVIDIA did not meet demands to remove mining limitations from its RTX 30 series graphics cards. The group has since leaked information, which is being used by threat actors.

    The leak by the Lapsus$ group includes two code-signing certificates that NVIDIA uses to sign drivers and executables. They’re both expired but can still be used to make malicious software appear genuine. Windows looks at code-signing certificates to make sure a driver or executable is safe. If a malicious file was signed by an approved certificate, it could bypass security measures within Windows.

    BleepingComputer reports that the certificates stolen through the leak have been used to sign malware and hacking tools, including backdoors, Cobalt Strike beacons, Mimikatz, and remote access trojans.

    Countering this attack by Lapsus is complex. It’s possible to configure Windows Defender Application Control policies to stop certain NVIDIA drivers from being loaded, but that requires sophisticated technical knowledge. Microsoft could also add the drivers in question to its certificate revocation list, but that would cause issues for some legitimate NVIDIA drivers (and their associated best graphics cards). Bleeping Computer notes that it’s unlikely that Microsoft will take that step in the near future.





    Source link

    Previous articleiPhone SE 3 could be announced tomorrow, here’s what we know
    Next articleTips to Improve Your Movement in PC FPS Games