Development Hacking Security

Lazarus Group Exploits Windows Zero-Day for Privilege Escalation with FudModule Rootkit

1. Lazarus

The Lazarus group, a North Korean collective known for cyber-system sabotage, has recently been exploiting a Windows kernel privilege escalation vulnerability (CVE-2024-21338) in the form of a zero-day. This vulnerability is found within appid.sys, the core driver of AppLocker, Microsoft’s application whitelisting app; this newly discovered vulnerability earned a score of 7.8 out of 10 on the CVSS scale.

Lazarus has taken advantage of the vulnerability with the use of the FudModule rootkit, a data-only rootkit that accesses kernel read/write privileges through your machine’s drivers; the ultimate goal – bypass Windows security mechanisms.

Prior to the most recent iteration of this exploit, attackers would expose read/write privileges by attacking known vulnerabilities in third-party drivers. However, with the FudModule rootkit, hackers can deliver a special handle table entry manipulation technique to suspend PPL (Protected Process Light) protected processes.

Those AV Programs effected include, but are not limited to, Microsoft Defender, CrowdStrike Falcon, and HitmanPro.

2. FudModule

The FudModule rootkit itself is a frighteningly versatile piece of malware; it leverages kernel level read/write access to disable important features that security products rely on to detect suspicious behavior. This includes register callbacks, object callbacks, and process, thread, and image kernel callbacks.

It also is capable of removing file system minifilters used by AV Programs to monitor file operations.

This behavior is used by AV Products to find and block effected drivers; keep in mind that not all updates applied to an effected driver necessarily remove the instances of the old versions, thus leaving those weak spots open to attack.

Another additional rootkit behavior targets specific AV’s altogether, as mentioned earlier, rendering their security bypassed and non-functional.

3. Summary

The Lazarus Group is one of the most well-known and persistent threats to cybersecurity. The FudModule rootkit is only the most recent display of there technical prowess.

It is important for organizations to stay vigilant in their security; this includes taking proper precautions, addressing potential leaks/weaknesses in infrastructure, and regularly applying updates. Additionally, having monitors in place will help spot suspicious behavior before anything malicious occurs.

Staying educated, up to date, and aware will serve your system’s security in the long-term.

Coding Development

Top 5 Scripting Languages to Master in 2024

1. JavaScript

Often included alongside HTML and CSS, JavaScript (or JS) is known as the “language of the World Wide Web”. Being used to add functionality and dynamic behavior to otherwise static webpages. 

As of 2023, 63.61% of client-side pages and webapps utilize JS in their source worldwide.

2. Python

A high-level programming language, Python is known for its versatility in application. Taking advantage of meaningful indentation, this language provides one of the most readable and easy to understand syntaxes. Python supports many programming philosophies, including object-oriented, structured, and functional programming.

As of 2023, 49.28% of developers around the world use Python.

3. SQL

Standing for “structured query language”, SQL is a domain-oriented scripting language intended for the collection and manipulation of data. Most popularly used alongside relational databases, it is notably good and handling structured data, such as the relation between entities and variable names. One of the most popular uses of SQL queries and commands is alongside the software MySQL (open source) and SQL Server (proprietary).
As of 2023, 48.66% of the world used SQL for development projects.

4. PHP

Originally signifying “personal homepage”, PHP stands for Hypertext Preprocessor. A server-side HTML-embedded script language designed to help create more dynamic webpages. PHP is open source, leaving support up to the community to maintain.

As of 2023, 18.58% of the world utilizes PHP on its webpages.

5. GO

Similar to C in syntax, Go is a compiled, high-level programming language invented by developers at Google. Notable features include, memory safety, garbage collection, and structural typing, making it an ideal choice for networking and infrastructure application.

As of 2023, 13.24% of the world’s developers use GO.


Development Management Security

How to Create Strong Passwords: A Comprehensive Guide

1. Password Length:

  • An ideal password should be between 12-14 characters in length

2. Use a Combination of Letters, Numbers, and Symbols:

  •  The greater the variation in characters, the harder it will be to brute-force your password
  • Use different numbers, letters, cases, and special characters like @#$^- to strengthen your password

3. Avoid Using Common Words or Phrases:

  • Many insecure passwords are too similar to every-day phrases
  • While they are easy to remember, they are easy to guess

4. Avoid Using Sequences or Patterns:

  • Don’t use repeatable sequences or patterns in your passwords
  • If a hacker is able to establish a pattern from one password, they can quickly guess all of your passwords that follow the same pattern

5. Avoid Using Personal Information:

  • Personal information is easily visible to the public via social media, account names, services, etc. thus, can be found by anyone if they know where to look

6. Use a Password Manager:

  • A password manager can help keep track of your passwords in a secure way, making it so you don’t have to memorize your passwords, thus you can make them as complex as you want
  • Most password managers include a password creation tool, as well as browser plugins to quickly grab your passwords
  • We recommend the password manager BitWarden

7. Regularly Update Your Passwords:

  • The best way to maintain security is to be proactive
  • If you think a password may have been leaked, the safest thing to do is change it
  • Don’t keep less secure passwords for more than a few months

8. Two-Factor Authentication (2FA):

  • If your account in question offers two-factor authentication, set it up
  • The use of a pin, phone-number, or recovery address greatly increases your security, while decreasing the number of successful break-ins

9. Use Unique Passwords for Each Account:

  • One of the worst things you can do is reuse passwords for multiple accounts
  • Likewise, you should not share passwords between people

10. Train Your Team:

  • If applied to a work environment, make sure your team is responsibly creating credentials
  • The best way to stay safe is to be educated

Follow these guidelines and you will be on your way to peace of mind and Fort Knox level security!

Want to create a strong password?