1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Microsoft patches Windows security flaw exploited by North Korean

    From TechnologyDaily@1337:1/100 to All on Mon Aug 19 19:15:06 2024
    Microsoft patches Windows security flaw exploited by North Korean hackers
    but is it too late?

    Date:
    Mon, 19 Aug 2024 19:10:00 +0000

    Description:
    The infamous Lazarus Group was observed abusing a flaw patched in Microsoft's latest Patch Tuesday update.

    FULL STORY ======================================================================

    As part of its latest Patch Tuesday cumulative update, Microsoft fixed a privilege escalation bug in the Windows Ancillary Function Driver (AFD.sys) for WinSock. This bug is tracked as CVE-2024-38193, and carries a severity score of 7.8.

    Abusing this flaw apparently grants attackers admin privileges on the vulnerable endpoint, with Microsoft noting, "an attacker who successfully exploited this vulnerability could gain SYSTEM privileges."

    However, the patch may have come a little too late, since some researchers said hackers were already abusing the bug, while it was a zero-day. In fact, researchers from Gen Digital (owners of Norton , Avira, Avast, and others) claim Lazarus Group, the infamous North Korean state-sponsored organization, used it to drop a malware rootkit called FudModule. Lazarus strikes again

    "This flaw allowed them to gain unauthorized access to sensitive system areas," Gen Digital said in a report. "The vulnerability allowed attackers to bypass normal security restrictions and access sensitive system areas that most users and administrators can't reach."

    This type of attack is both sophisticated and resourceful, potentially
    costing several hundred thousand dollars on the black market. This is concerning because it targets individuals in sensitive fields, such as those working in cryptocurrency engineering or aerospace to get access to their employers networks and steal crypto currencies to fund attackers operations, the researchers concluded.

    Lazarus is a known threat actor, responsible for some of the most devastating cyberattacks in recent history. It is most famous for its fake job campaigns, in which it creates fake LinkedIn profiles (or impersonates known figures)
    and then approaches software developers with offers of great jobs with
    amazing salaries.

    One such attack, carried out against a blockchain developer, resulted in the theft of roughly $600 million from a cryptocurrency project. Some researchers claim North Korea is using the money to fund its state apparatus, as well as its weapons program.

    Via The Hacker News More from TechRadar Pro Lazarus hackers return and
    hijack a Windows security flaw Here's a list of the best firewall software around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-patches-windows-security-flaw -exploited-by-north-korean-hackers-but-is-it-too-late


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)