In this week’s Cybersecurity Newsletter, we bring you informed updates and critical insights from the ever-evolving sector of cybersecurity. Our selection of top stories keeps you appraised of the latest threats and trends in this fast-paced digital environment. Equip yourself…
Lazarus Group from North Korea Unleashes New Kaolin RAT via Fake Job Offers
April 25, 2024
Malware / Cyber Threat
The North Korean cyber threat actor Lazarus Group has once again leveraged its longstanding tactic of using bogus job offers to distribute a new remote access trojan (RAT) known as Kaolin RAT. Targeting specific individuals in the Asia region during the summer of 2023, this malware not only performs standard RAT functions but also has the ability to modify file timestamps and load DLL binaries from a command-and-control server, as noted by Avast security researcher Luigino Camastra in a recent report. The Kaolin RAT serves as an entry point for the FudModule rootkit, which has been found exploiting a recently patched admin-to-kernel vulnerability in the appid.sys driver (CVE-2024-21338, CVSS score: 7.8). This exploit enables it to gain kernel read/write capabilities and disable security mechanisms. Lazarus Group’s strategy of using job offers for infiltration, known as Operation Dream Job, has a history of successfully employing various social media platforms for this purpose.
Lazarus Group Launches New Kaolin RAT Targeting Individuals in Asia Through Deceptive Job Offers April 25, 2024 Malware / Cyber Threat In a concerning development, the Lazarus Group, a North Korea-linked threat actor, has recently leveraged fake job postings to…
Global Impact of China-Linked Cyber Attacks: 17 Nations Targeted Over Three Years August 9, 2023 In a significant escalation of cyber threats, hackers affiliated with China’s Ministry of State Security (MSS) have been implicated in a comprehensive cyber campaign spanning…
Artificial Intelligence & Machine Learning, Next-Generation Technologies & Secure Development Collaboration Between AWS, Palantir, and Anthropic to Develop AI for U.S. Defense Rashmi Ramesh (rashmiramesh_) • November 8, 2024 Image: Shutterstock A partnership has emerged between Palantir, Anthropic, and Amazon…
In a significant data breach, a hacker based in Brazil has exposed the personal information of approximately 130 to 170 million individuals across the United States, Canada, and the United Kingdom. This incident stems from a cyberattack against National Public…
Microsoft Acknowledges Source Code and Customer Data Breach by Russian Hackers
On March 9, 2024, Microsoft confirmed that the Kremlin-affiliated cyber group, Midnight Blizzard (also known as APT29 or Cozy Bear), successfully infiltrated some of its source code repositories and internal systems. This breach was initially uncovered in January 2024. The tech company stated, "We have recently observed that Midnight Blizzard is leveraging information obtained from our corporate email systems to gain, or attempt to gain, unauthorized access." While the investigation into the breach’s scope continues, Microsoft assures that there is no evidence suggesting compromise of customer-facing systems hosted on its platform. Microsoft also noted that the Russian state-sponsored hackers are trying to exploit various types of confidential information, including interactions between customers and Microsoft over email; however, specific details have not been disclosed.
Microsoft Confirms Source Code and Sensitive Data Breach by Russian Hackers On March 8, 2024, Microsoft disclosed that the Kremlin-supported cyber threat group known as Midnight Blizzard, also referred to as APT29 or Cozy Bear, has successfully infiltrated some of…
In a significant cybersecurity incident, Chinese hackers have reportedly compromised the sensitive data of thousands in a breach affecting a major telecommunications firm in the United States. This event has raised alarms within the cybersecurity community, as it underscores the…
Palo Alto Networks has released essential remediation guidance in response to a critical security vulnerability affecting its PAN-OS software, which is currently under active exploitation. This vulnerability, identified as CVE-2024-3400 and rated with a maximum CVSS score of 10.0, poses…
Harnessing Wazuh for Enhanced Zero Trust Security
November 05, 2024 | Network Security / Zero Trust
Zero Trust security reshapes organizational approaches to security by eliminating implicit trust and continually assessing and validating access requests. Unlike traditional perimeter-based security models, users are not automatically trusted upon entry. This paradigm promotes ongoing monitoring of every device and user, ensuring that protection remains robust even after authentication.
Why Organizations Embrace Zero Trust Security
Organizations turn to Zero Trust security to defend against the growing sophistication of cyber threats, addressing critical weaknesses in traditional perimeter-based models—such as insufficient protection for east-west traffic, unwarranted trust in internal users, and inadequate visibility.
Comparing Traditional and Zero Trust Security
Zero Trust security enhances an organization’s overall security posture by enabling:
Harnessing Wazuh for Enhanced Zero Trust Security As of November 5, 2024, the approach to organizational security has seen a significant transformation with the adoption of Zero Trust principles. This paradigm shift fundamentally alters how companies manage security by eliminating…
Artificial Intelligence & Machine Learning, Geo Focus: The United Kingdom, Geo-Specific UK Regulator Highlights Privacy Risks from ML and NLP Tools Akshaya Asokan (asokan_akshaya) • November 8, 2024 The U.K. Information Commissioner’s Office (ICO) has raised alarms regarding artificial intelligence…
