One Article Review

The article:
Source CSO
Identifier 7310080
Publication date 2022-10-05 12:15:00 (viewed: 2022-10-05 20:07:37)
Title North Korea's Lazarus group uses vulnerable Dell driver to blind security solutions
Text The notorious North Korean state-sponsored hacker group Lazarus has begun exploiting a known vulnerability in an OEM driver developed by Dell to evade detection by security solutions. This is a prime example of why it is important to always keep third-party PC manufacturer software, which is often neglected, up to date, and to add vulnerable versions to blocklists.

“The most notable tool delivered by the attackers was a user-mode module that gained the ability to read and write kernel memory due to the CVE-2021-21551 vulnerability in a legitimate Dell driver,” security researchers from antivirus firm ESET said in a recent report. “This is the first ever recorded abuse of this vulnerability in the wild. The attackers then used their kernel memory write access to disable seven mechanisms the Windows operating system offers to monitor its actions, like registry, file system, process creation, event tracing etc., basically blinding security solutions in a very generic and robust way.”
Sent Yes
Tags Tool Vulnerability
Stories APT 38
The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.