Decrypted: Rhysida Ransomware

Avast Releases Rhysida Ransomware Decryptor

In October 2023, we published a blog post containing technical analysis of the Rhysida ransomware. What we intentionally omitted in the blog post was that we had been aware of a cryptographic vulnerability in this ransomware for several months and, since August 2023, we had covertly provided victims with our decryption tool. […]
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day

Zero-Day Exploit Powers Advanced Rootkit

Key Points

- Avast discovered an in-the-wild admin-to-kernel exploit for a previously unknown zero-day vulnerability in the appid.sys AppLocker driver.
- Thanks to Avast’s prompt report, Microsoft addressed this vulnerability as CVE-2024-21338 in the February Patch Tuesday update.
- The exploitation activity was orchestrated by the notorious Lazarus Group, with the end goal of establishing […]
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining

Malware Campaign Exploiting Antivirus Updates

Key Points

- Avast discovered and analyzed a malware campaign hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers.
- Avast disclosed the vulnerability to both eScan antivirus and India CERT. On 2023-07-31, eScan confirmed that the issue was fixed and successfully resolved.
- The campaign was orchestrated by a threat […]
Beyond espionage — how the Lazarus Group is reshaping cybersecurity threats

Cybercriminal organization transitions from espionage to exploitation, preying on individuals for financial gain

Meet the Lazarus Group, also known as Hidden Cobra. The group is a notorious cybercriminal organization believed to be backed by North Korea. They first came onto the scene in 2009, and over the years have become infamous for their highly sophisticated […]
Stay Alert: Beware of Scams Targeting Major Sports Fans

Rising threats during the world’s biggest sporting event call for increased awareness

As the world’s most elite athletes gather for this summer’s competitions, cybercriminals are seizing the opportunity to exploit the elevated attention. These events showcase athletic excellence, attracting fans worldwide, but on the downside – they also attract malicious actors. Alongside some of the […]
Safeguarding Digital Freedom: How a Gen Discovery Helped to Protect Windows Users Everywhere

Gen identifies and helps fix a vulnerability exploited by a notorious hacker group, reinforcing global cybersecurity

Gen Threat Labs recently uncovered and reported a major security flaw known as a zero-day vulnerability (CVE-2024-38193), which Microsoft has now fixed. This repair is important because it addresses a security issue that was being used by the Lazarus APT group, a […]
The Spread of AI-Generated Disinformation

How deepfakes and AI-created content shape perceptions in today’s digital world

As the digital landscape rapidly evolves, so do the risks associated with it. Among the growing concerns are AI-generated content and deepfakes, which are progressively being used to deceive and manipulate. While AI-generated images and deepfakes are drawing attention in the political landscape, their […]
Beware: Lumma Stealer Spreading via GitHub Comments

GitHub Users Targeted by Lumma Stealer Malware Campaign

As attackers become increasingly innovative, they are beginning to leverage popular platforms more and more to spread their malicious tools. One of the latest and most concerning threats we’ve observed is the widespread promotion of the Lumma information stealer on GitHub.

What is Lumma Stealer?

Lumma Stealer […]
AliGater: Malvertising Chasing Users of Outdated Windows in Europe

Magniber ransomware and Lumma stealer are suspected

Malvertising is one of the dark sides of pervasive advertising on the modern web that continues to retain its relevance despite attempts to curb it. Investigation of the Lumma stealer’s infection chain led us to believe that there is a new contender in the malvertising field. This new […]
Evolution of Lazarus ‘FudModule – no longer (stand)alone’

In early June, we discovered a sample that was exploiting a new zero-day vulnerability within the Winsock driver (CVE-2024-38193) to achieve local privilege escalation and deploy a new version of the FudModule rootkit. We determined that the sample was part of a Lazarus Group operation that was targeting potentially sensitive industries such as aerospace and cryptocurrency engineering […]