Ransomware uses vulnerable, signed driver to disable endpoint security

“Ransomware-wielding attackers have devised a novel tactic for disabling security protections that might get in their way: they are using a deprecated, vulnerable but signed driver to deliver a malicious, unsigned one that allows them to kill processes and files belonging to Windows endpoint security products.” – read more at HelpNetSecurity!