A new malware campaign has been identified that uses a legitimate Avast Anti-Rootkit driver to disable 142 security processes, effectively bypassing security protections and allowing attackers to take control of infected systems. This attack is part of a broader trend of cybersecurity threats, including CISA's recent addition of a critical security flaw (CVE-2023-28461) affecting Array Networks AG and vxAG gateways to its Known Exploited Vulnerabilities catalog due to active exploitation. Additionally, Russian hackers have been linked to the exploitation of zero-day vulnerabilities in Firefox and Windows, enabling the delivery of the RomCom backdoor malware without requiring user interaction. Furthermore, a previously unknown China-linked hacking group, Earth Estries, has emerged, targeting Southeast Asian telecoms and technology firms with custom backdoors known as GHOSTSPIDER and MASOL RAT. These developments highlight the increasing sophistication and frequency of cyberattacks globally.
Russia-linked hackers exploited Firefox and Windows zero-day bugs in ‘widespread’ hacking campaign: https://t.co/3OzA1hE0zt by TechCrunch #infosec #cybersecurity #technology #news
Russia-linked hackers exploited Firefox and Windows zero-day bugs in ‘widespread’ hacking campaign https://t.co/3tAhS0ZXvy
🚨🚨Zero-Day 🚨🚨 RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks https://t.co/p2XajfeYw2 The Russia-aligned threat actor known as RomCom has been linked to the zero-day exploitation of two security flaws, one in Mozilla Firefox and the other in…