Recent Security News
-
Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks
February 29, 2024 at 07:09AM The Lazarus Group exploited a zero-day privilege escalation flaw in the Windows kernel to gain kernel-level access and disable security software. Microsoft patched the vulnerability (CVE-2024-21338) in its February Patch Tuesday updates. The group used an in-the-wild admin-to-kernel exploit to load the FudModule rootkit, bypass security checks, and disable…
-
Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack
February 29, 2024 at 06:45AM Cybersecurity firm Avast reported that the North Korean group Lazarus exploited a Windows zero-day vulnerability, CVE-2024-21338, for privilege escalation and used it to load a rootkit called FudModule. Microsoft patched the flaw but initially did not list it as exploited in the wild. The attack aimed at evading detection and included a new variant of the…
-
Echoes of SolarWinds in New ‘Silver SAML’ Attack Technique
February 29, 2024 at 06:08AM The SolarWinds attack involved the "Golden SAML" technique, forging SAML response tokens to gain access to enterprise networks. Researchers at Semperis have now identified a variant called "Silver SAML," which does not require access to ADFS and works against Microsoft Entra ID and other identity…
-
New Backdoor Targeting European Officials Linked to Indian Diplomatic Events
February 29, 2024 at 03:33AM SPIKEDWINE, a new threat actor, targeted European officials with ties to India using the WINELOADER backdoor. The lure was a PDF email attachment posing as an invitation from the Indian Ambassador to a wine-tasting event, which led to installation of the malware. The attack is sophisticated and evasive, using compromised websites for command and control. The…
-
Lazarus Exploits Typos to Sneak PyPI Malware into Dev Systems
February 29, 2024 at 03:33AM North Korean hackers, Lazarus, uploaded four malware-containing packages to the PyPI repository, collectively downloaded 3,269 times. The packages, now removed, targeted Python developers by relying on mistyped package names at install time (typosquatting). The attack mirrors Phylum's discovery of rogue npm packages targeting developers. Both campaigns conceal malicious code within test scripts. JPCERT/CC urges caution…