The Hacker News

Mustang Panda Uses Signed Kernel-Mode Rootkit to Load TONESHELL Backdoor

Mustang Panda deployed TONESHELL via a signed kernel-mode rootkit, targeting Asian government networks and evading security ...

Researchers identify new ToneShell backdoor targeting government agencies

To defend against the new attacks, the researchers advise memory forensics as the number one way of spotting ToneShell ...
SecurityWeek

Chinese APT Mustang Panda Caught Using Kernel-Mode Rootkit

The China-linked Mustang Panda APT has been using a kernel-mode rootkit in attacks leading to ToneShell backdoor deployments.

Chinese state hackers use rootkit to hide ToneShell malware activity

A new sample of the ToneShell backdoor, typically seen in Chinese cyberespionage campaigns, has been delivered through a kernel-mode loader in attacks against government organizations.
ZDNet

Intel searches for Windows kernel-mode vulnerabilities, finds little to write home about

If hackers were able to exploit a vulnerability in a kernel mode driver for any operating system, they'd essentially end up with control of the entire system. But, according to a story by News.com's ...
Threat Post

Patched Windows Kernel-Mode Driver Flaw Exploitable With One Bit Change

Details have been disclosed on a Windows kernel-mode driver privilege escalation vulnerability that was patched Tuesday by Microsoft. The vulnerabilities addressed in this month’s Patch Tuesday ...
PC Gamer

Call of Duty: Warzone players are too fed up with cheaters to protest kernel level anti-cheat

The new Call of Duty: Warzone anti-cheat system, called Ricochet, will include a kernel-mode driver that gives Activision the ability to access any bit of memory on your PC. Reddit user t_hugs3 seemed ...