In a report published by security company GuidePoint Security, they’ve issued a warning that hackers can effectively bypass Microsoft Defender to install and deploy Akira ransomware.This is done by exploiting a vulnerable driver called rwdrv.sys, which is a legitimate driver used by an Intel CPU tuning tool called ThrottleStop. By exploiting this driver, a hacker can gain kernel-level access to the PC.With kernel-level access, the hacker can then load their own malicious driver—in this case, hlpdrv.sys, which modifies the Windows Registry and causes Microsoft Defender to disable its...

https://www.pcworld.com/article/2871304/hackers-can-bypass-microsoft-defender-to-install-ransomware-on-pcs.html

#pcworld