Friday , March 28 2025
Laptop

Avast report
Hackers Exploited Windows Kernel Flaw as Zero-Day in attack

infosecbulletin Saturday , March 2 2024 Cyber Attack

Microsoft updated a security flaw in its AppLocker software, but the North Korean Lazarus Group was able to use it for a cyberattack before the update.

Avast researchers found the flaw in Microsoft software under the CVE-2024-21338. This flaw allowed Lazarus to use an updated version of its own malware called “FudModule” to access the admin-to-kernel boundary.

OpenAI Offering $100K Bounties for Critical Vulns

By infosecbulletin / Thursday , March 27 2025
OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
OpenAI Offering $100K Bounties for Critical Vulns

Splunk Alert User RCE and Data Leak Vulns

By infosecbulletin / Thursday , March 27 2025
Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
Splunk Alert User RCE and Data Leak Vulns

CIRT alert Situational Awareness for Eid Holidays

By infosecbulletin / Thursday , March 27 2025
As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
CIRT alert Situational Awareness for Eid Holidays

Cyberattack on Malaysian airports: PM rejected $10 million ransom

By infosecbulletin / Wednesday , March 26 2025
Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
Cyberattack on Malaysian airports: PM rejected $10 million ransom

Micropatches released for Windows zero-day leaking NTLM hashes

By infosecbulletin / Wednesday , March 26 2025
Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes

VMware Patches Authentication Bypass Flaw in Windows Tool

By infosecbulletin / Wednesday , March 26 2025
On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
VMware Patches Authentication Bypass Flaw in Windows Tool

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

By infosecbulletin / Tuesday , March 25 2025
Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
IngressNightmare Over 40% of cloud environments are vulnerable to RCE

(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass

By infosecbulletin / Tuesday , March 25 2025
Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
(CVE-2025-29927) Urgently Patch Your Next.js for Authorization Bypass

Oracle refutes breach after hacker claims 6 million data theft

By infosecbulletin / Sunday , March 23 2025
A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
Oracle refutes breach after hacker claims 6 million data theft

Russian zero-day seller to offer up to $4 million for Telegram exploits

By infosecbulletin / Saturday , March 22 2025
Operation Zero, a Russian zero-day broker, is offering up to $4 million for Telegram exploits. They seek $500K for one-click...
Read More
Russian zero-day seller to offer up to $4 million for Telegram exploits

The zero-day was fixed by Microsoft on February 13th as part of their February Patch Tuesday update. Avast shared details of the exploit on February 29th.

Avast researchers have discovered that the FudModule now has additional features. One of these features is the ability to suspend protected process light (PPL) processes found in Microsoft Defender, Crowdstrike Falcon, and HitmanPro.

Lazarus Group changed their tactics, switching from using their own vulnerable driver to using a more direct zero-day exploit approach to escalate privileges to kernel level.

Avast also discovered a new Lazarus remote access Trojan (RAT), about which the vendor pledges to release more details later.

“Though their [Lazarus Group’s] signature tactics and techniques are well-recognized by now, they still occasionally manage to surprise us with an unexpected technical sophistication,” the Avast report said. “The FudModule rootkit serves as the latest example, representing one of the most complex tools Lazarus holds in their arsenal.”

Source: Avast, darkreading

Check Also

ChatGPT

Hackers Exploit ChatGPT with CVE-2024-27564

Attackers are actively targeting OpenAI, exploiting CVE-2024-27564, a Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin