New: 2026 Gartner® Market Guide for Adversarial Exposure Validation
Learn More
Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Research: The Security Tradeoffs Behind AI Tooling
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

AvosLocker Ransomware Abuses Driver File to Disable AV and Scans for Log4shell

May 9, 2022

According to the analysis, the suspected entry point is via the Zoho ManageEngine ADSelfService Plus (ADSS) exploit. Due to the lack of network traffic details, TrendMicro could not identify the exact CVE ID of the security gap the attacker used. However, there are some indications that they abused the same vulnerability previously documented by Synacktiv during a pentest, CVE-2021-40539. The gap they observed was particularly similar to the creation of JSP files (test.jsp), execution of keytool.exe with "null" parameters to run a crafted Java class/code.

Featured Resources

View More Resources
CVE-2026-32196:  One-Click RCE via Windows Admin Center Control Flow Hijacking
blog

CVE-2026-32196:  One-Click RCE via Windows Admin Center Control Flow Hijacking

Ilan Kalendarov, Security Research Team LeadBen Zamir, Security ResearcherElad Beber, Security ResearcherRuben Enkaoua, Security Researcher Cymulate Research Labs identified a set of

Read More
Cymulate Stories: A Fireside Chat with Morgan Street Holdings
Webinar

Cymulate Stories: A Fireside Chat with Morgan Street Holdings

Many organizations still manage cyber risk using reactive security practices that struggle to keep pace with today’s threat landscape. As

Watch Now
The Race to Ship AI Tools Left Security Behind. Part 1: Sandbox Escape 
blog

The Race to Ship AI Tools Left Security Behind. Part 1: Sandbox Escape 

AI tools shipped fast - but weak sandboxing left escape paths, exposing systems to data access, abuse, and full compromise.

Read More