The vulnerability, now tracked as CVE-2024-11859, allowed attackers to bypass security monitoring tools by executing malicious payloads within the context of a trusted security solution.

Further analysis revealed these files to be components of a complex tool dubbed TCESB, built specifically to circumvent protection mechanisms and monitoring tools. TCESB exports every function of the legitimate version.dll and forwards those calls to the genuine DLL, so the host process keeps working normally while the tool carries out its malicious operations in the background.

To enhance its stealth, TCESB also employed the Bring Your Own Vulnerable Driver (BYOVD) technique (T1211), loading the Dell DBUtilDrv2.sys driver, which is affected by CVE-2021-36276. Through the vulnerable driver, the malware could modify Windows kernel structures to disable the notification routines that report critical system events such as process creation.

ESET registered the vulnerability as CVE-2024-11859 and released a patch on January 21, 2025, with a security advisory published on April 4.

This incident highlights the evolving tactics of advanced threat actors, who continue to find new ways to exploit trusted software, including security solutions themselves, to maintain persistent and undetected access to targeted systems.
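The two behaviours described above leave distinct traces in endpoint telemetry: a copy of version.dll resolved from an application directory rather than System32 (and the genuine copy loaded alongside it, since a proxy DLL must forward calls somewhere), and the known-vulnerable DBUtilDrv2.sys being loaded. The following hunt script is an added example, not code from the article or from any vendor; the Sysmon-style events and the VendorAV\scanner.exe process name are constructed placeholders.

```python
import ntpath

SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
HIJACKABLE_DLLS = {"version.dll"}          # the DLL TCESB impersonates
VULNERABLE_DRIVERS = {"dbutildrv2.sys"}    # Dell driver, CVE-2021-36276

# Constructed Sysmon-like events (ID 7 = image load, ID 6 = driver load);
# VendorAV\scanner.exe is a placeholder process name, not a real product.
EVENTS = [
    {"id": 7, "process": r"C:\Program Files\VendorAV\scanner.exe",
     "image": r"C:\Program Files\VendorAV\version.dll"},
    {"id": 7, "process": r"C:\Program Files\VendorAV\scanner.exe",
     "image": r"C:\Windows\System32\version.dll"},
    {"id": 7, "process": r"C:\Windows\notepad.exe",
     "image": r"C:\Windows\System32\version.dll"},
    {"id": 6, "process": "System", "image": r"C:\Users\Public\DBUtilDrv2.sys"},
    {"id": 6, "process": "System", "image": r"C:\Windows\System32\drivers\ndis.sys"},
]

def split_path(path):
    """Lower-cased (directory, file name) of a Windows path."""
    directory, name = ntpath.split(path.lower())
    return directory.rstrip("\\"), name

def check_event(event):
    """Per-event check: return a finding label or None."""
    directory, name = split_path(event["image"])
    if event["id"] == 7 and name in HIJACKABLE_DLLS and directory not in SYSTEM_DIRS:
        # A system DLL resolved from the application's own directory: the
        # search-order hijack that lets a proxy version.dll run inside the host.
        return "dll_search_order_hijack"
    if event["id"] == 6 and name in VULNERABLE_DRIVERS:
        # Known-vulnerable driver loaded: Bring Your Own Vulnerable Driver (T1211).
        return "vulnerable_driver_load"
    return None

def hunt(events):
    """Run the per-event checks, then the cross-event proxy-DLL check."""
    findings = [{"finding": f, "process": e["process"], "image": e["image"]}
                for e in events if (f := check_event(e))]
    # A proxy DLL must load the genuine DLL to forward calls, so one process
    # ends up holding two copies of version.dll from different directories.
    seen = {}
    for e in events:
        directory, name = split_path(e["image"])
        if e["id"] == 7 and name in HIJACKABLE_DLLS:
            seen.setdefault((e["process"].lower(), name), set()).add(directory)
    for (process, name), dirs in seen.items():
        if len(dirs) > 1:
            findings.append({"finding": "proxy_dll_double_load", "process": process, "image": name})
    return findings
```

Against the constructed events, hunt(EVENTS) reports the hijacked version.dll load, the vulnerable driver load and the double load of version.dll in the scanner process, while notepad.exe loading the System32 copy stays quiet.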
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 07 Apr 2025 13:30:07 +0000