Select a theme from the list.
Insights

From our experts

Latest
Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalGlobal CMS Exploitation Wave Plants Webshells on Business WebsitesExposed Attack Server Unmasks Three Microsoft 365 Phishing OperationsMicrosoft Prepares Windows Customers for a Faster Era of AI-Driven PatchingLaser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet CardsGlobal CMS Exploitation Wave Puts Business Websites at Immediate RiskMacOS Malware 'Poseidon Stealer' Rebranded as 'Odyssey Stealer'CISA Warns of Critical Vulnerabilities in Mitsubishi Electric ICS HardwareAhold Delhaize Data Breach Exposes 2.2 Million Customers' InformationSwitzerland Mandates 24-Hour Cyberattack Reporting for Critical SectorsFTC to Distribute $25.5 Million to Victims of Tech Support ScamsMicrosoft to Deprecate Publisher by October 2026Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalGlobal CMS Exploitation Wave Plants Webshells on Business WebsitesExposed Attack Server Unmasks Three Microsoft 365 Phishing OperationsMicrosoft Prepares Windows Customers for a Faster Era of AI-Driven PatchingLaser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet CardsGlobal CMS Exploitation Wave Puts Business Websites at Immediate RiskMacOS Malware 'Poseidon Stealer' Rebranded as 'Odyssey Stealer'CISA Warns of Critical Vulnerabilities in Mitsubishi Electric ICS HardwareAhold Delhaize Data Breach Exposes 2.2 Million Customers' InformationSwitzerland Mandates 24-Hour Cyberattack Reporting for Critical SectorsFTC to Distribute $25.5 Million to Victims of Tech Support ScamsMicrosoft to Deprecate Publisher by October 2026
Security Insight

Microsoft-Signed Driver Exploited in Ransomware Attacks

Microsoft-Signed Driver Exploited in Ransomware Attacks
Photo by Ann H on Pexels

Threat actors are exploiting a privilege escalation flaw in Paragon Partition Manager, a Microsoft-signed driver, to conduct 'bring your own vulnerable driver' (BYOVD) attacks, enabling them to gain elevated privileges and deploy ransomware.

Recent reports have revealed that cybercriminals are exploiting a privilege escalation vulnerability in Paragon Partition Manager, a Microsoft-signed driver, to carry out 'bring your own vulnerable driver' (BYOVD) attacks. This technique allows attackers to gain elevated privileges on targeted systems, facilitating the deployment of ransomware and other malicious activities.

Details of the Exploitation

The vulnerability resides in the Paragon Partition Manager driver, which, being signed by Microsoft, is inherently trusted by Windows systems. By leveraging this flaw, attackers can bypass security measures and execute code with higher privileges, leading to system compromise and data encryption.

Implications for Organizations

The exploitation of trusted drivers underscores the evolving tactics of cybercriminals who seek to abuse legitimate software components to achieve their objectives. Organizations must be aware of such vulnerabilities and take proactive steps to mitigate the associated risks.

Recommended Actions

  • Ensure all drivers and software are updated to their latest versions to patch known vulnerabilities.
  • Implement application whitelisting to prevent unauthorized execution of drivers and applications.
  • Enhance monitoring for unusual activities that may indicate privilege escalation attempts.

In my assessment, this incident highlights the critical need for organizations to maintain rigorous patch management practices and to scrutinize even trusted components for potential vulnerabilities.

Talk to our team →

Latest

Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe GoalJul 13, 2026Global CMS Exploitation Wave Plants Webshells on Business WebsitesJul 13, 2026Exposed Attack Server Unmasks Three Microsoft 365 Phishing OperationsJul 13, 2026Microsoft Prepares Windows Customers for a Faster Era of AI-Driven PatchingJul 13, 2026Laser Attack Exposes an Unpatchable Weakness in Tangem Crypto Wallet CardsJul 13, 2026Global CMS Exploitation Wave Puts Business Websites at Immediate RiskJul 13, 2026

Most read

1Scattered Spider's Cyberattack on Marks & Spencer Exposes Retail Vulnerabilities2Microsoft-Signed Driver Exploited in Ransomware Attacks3Global CMS Exploitation Wave Plants Webshells on Business Websites4Microsoft Expands AI-Led Security Hardening and Sets 2029 Quantum-Safe Goal5Exposed Attack Server Unmasks Three Microsoft 365 Phishing Operations6Microsoft Prepares Windows Customers for a Faster Era of AI-Driven Patching