CSO Online

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

Attackers abused a signed but long-revoked EnCase Windows kernel driver in a BYOVD attack to terminate all security tools.
Dark Reading

EnCase Driver Weaponized as EDR Killers Persist

The forensic tool's driver was signed with a digital certificate that expired years ago, but major security gaps allowed ...

EDR killer tool uses signed kernel driver from forensic software

Hackers are abusing a legitimate but long-revoked EnCase kernel driver in an EDR killer that can detect 59 security tools in ...
Forbes

CrowdStrike—How Microsoft Will Protect 8.5 Million Windows Machines

Just over a week after the botched CrowdStrike update caused millions of Windows-based machines to crash, Microsoft has published its analysis of the outage. Just over a week after the botched ...
Dark Reading

Microsoft Talks Kernel Drivers Post CrowdStrike Outage

Microsoft has released more details around its assessment of the CrowdStrike Falcon outage nearly two weeks ago, noting that one takeaway is the need to reduce infosec vendors' reliance on the kernel ...
Hackaday

kernel driver

[Johannes 4GNU_Linux] has been filming a video series on how to write Linux device drivers for a couple of years now, but luckily, you won’t need that long to watch them or to create your own driver.