Hackers Can Use Windows Safe Mode To Steal PC Logins
for execute the attack, the attacker needs to gain local administrative rights to the PC or server. Once they get the access, they can modify the registry to force a reboot into Safe Mode. They could then create attack tools that run in Safe Mode. Attackers can register a malicious COM object that is loaded by explorer.exe. This enables that attackers code to run each time the explorer.exe needs to parse icons, CyberArk describes....