Cybercriminals Exploit Check Point Driver Flaws in Malicious Campaign

Summary: A report by security researcher Nima Bagheri reveals that a driver shipped with Check Point's ZoneAlarm antivirus is being abused in a bring-your-own-vulnerable-driver (BYOVD) attack: the attackers load a legitimately signed but vulnerable build of the driver and use the kernel-level access it grants to bypass Windows security controls. The vulnerabilities in vsdatant.sys, the ZoneAlarm driver involved, enable unauthorized access to sensitive information and persistent control over infected systems. Check Point says the current driver release is not affected and urges users to update to the latest version.

Affected: Check Point's ZoneAlarm antivirus software (older builds of the vsdatant.sys driver)

Key points:

  • Threat actors are loading a vulnerable build of vsdatant.sys to carry out bring-your-own-vulnerable-driver (BYOVD) attacks.
  • Because the driver carries a legitimate signature, Windows loads it and security solutions treat its activity as trusted, so the malicious use goes unnoticed.
  • The latest version of vsdatant.sys is not affected; users are advised to update ZoneAlarm to the current release.
  • Once inside, the attackers exfiltrate sensitive data and maintain persistent access through Remote Desktop Protocol (RDP).

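The practical question for an administrator is which build of vsdatant.sys is actually present and loaded on a host, since a BYOVD attacker drops the old, signed driver wherever they like rather than replacing the installed copy. The PowerShell inventory below is an added example for this page, not code from the article, Nima Bagheri or Check Point; it assumes only the file name vsdatant.sys named above, and the "known good" version it should be compared against must come from Check Point's release notes, not from this script.

```powershell
# Added example (not from the article or Check Point): inventory every copy of
# vsdatant.sys on the host, on disk and loaded in the kernel, with version,
# signer, signature status and SHA-256, so it can be compared against the
# vendor's current release. The only assumption is the driver file name.
$driverName = 'vsdatant.sys'

# 1. Kernel-mode drivers registered as services; PathName points at the binary.
$loadedDrivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.PathName -and ($_.PathName -like "*$driverName") }

# 2. Search beyond System32\drivers: a BYOVD attacker typically stages the old
#    driver in a writable directory rather than the product's install path.
$searchRoots = @(
    "$env:SystemRoot\System32\drivers",
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $env:ProgramData,
    $env:TEMP
) | Where-Object { $_ -and (Test-Path $_) }

$copies = foreach ($root in $searchRoots) {
    Get-ChildItem -Path $root -Filter $driverName -Recurse -File -ErrorAction SilentlyContinue
}

$report = foreach ($file in ($copies | Sort-Object FullName -Unique)) {
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    [pscustomobject]@{
        Path        = $file.FullName
        FileVersion = $file.VersionInfo.FileVersion
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
        SigStatus   = $sig.Status            # Valid for a genuine vendor build, old or new
        Loaded      = [bool]($loadedDrivers | Where-Object { $_.PathName -like "*$($file.FullName)*" })
        Sha256      = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    }
}

$report | Format-Table -AutoSize

# 3. Loaded driver services whose binary sits outside the searched roots deserve
#    a look on their own: that is the staging pattern BYOVD relies on.
$loadedDrivers | Select-Object Name, State, StartMode, PathName | Format-Table -AutoSize
```

Read the output with the article's point in mind: a copy that reports SigStatus Valid proves only that Check Point signed it, not that it is the patched build, so an older FileVersion than the current ZoneAlarm release, or any copy loaded from a path that is not the product's install directory, is the condition worth escalating.
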
Source: https://www.infosecurity-magazine.com/news/cybercriminals-exploit-checkpoint/