North Korean state-sponsored hacking operation Lazarus Group exploited a zero-day vulnerability in widely used certificate software to compromise a South Korean financial entity in October, according to The Hacker News.
The same firm had already been compromised by Lazarus in May through the same vulnerable version of the certificate software, according to a report from AhnLab Security Emergency Response Center (ASEC).
The attack relied on the Bring Your Own Vulnerable Driver (BYOVD) technique, in which a legitimately signed but exploitable driver is loaded to gain kernel-level access and disable security products; Lazarus has used the technique repeatedly in its recent intrusions. Besides renaming files to disguise its tooling, Lazarus also employed timestomping (altering file timestamps) as an anti-forensic measure before deploying various backdoor payloads.
"The Lazarus Group is researching the vulnerabilities of various other software and is constantly changing their TTPs by altering the way they disable security products and carry out anti-forensic techniques to interfere or delay detection and analysis in order to infiltrate Korean institutions and companies," said ASEC.
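Timestomping of the kind described above is usually detected by cross-checking timestamps a user-mode tool can rewrite against ones it cannot. The following is an added Python example, not code from the page or from ASEC's report. It assumes the NTFS $STANDARD_INFORMATION and $FILE_NAME timestamps have already been extracted from the MFT by a parser, applies two common heuristics to constructed sample records, and uses hypothetical file paths.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class MftRecord:
    """Timestamps from one NTFS MFT entry (all UTC).

    si_* come from the $STANDARD_INFORMATION attribute, which user-mode
    APIs such as SetFileTime can rewrite; fn_* come from $FILE_NAME, which
    only the kernel updates, so common timestomping tools leave it alone.
    """
    path: str
    si_created: datetime
    si_modified: datetime
    fn_created: datetime
    fn_modified: datetime


def timestomp_indicators(rec: MftRecord) -> list[str]:
    """Return the heuristics that fire for this record (empty if none)."""
    reasons = []
    # $FILE_NAME is written when the file is created or renamed and not
    # touched afterwards, so on an untampered file the $SI timestamps are
    # never earlier than their $FN counterparts.
    if rec.si_created < rec.fn_created:
        reasons.append("$SI created precedes $FN created")
    if rec.si_modified < rec.fn_modified:
        reasons.append("$SI modified precedes $FN modified")
    # NTFS stores 100 ns ticks; tools that set times through second-granularity
    # APIs leave the fractional part at zero. Weak on its own (files copied
    # from FAT volumes also lose precision), so report it alongside the above.
    for label, ts in (("created", rec.si_created), ("modified", rec.si_modified)):
        if ts.microsecond == 0:
            reasons.append(f"$SI {label} has a zero sub-second component")
    return reasons


def scan(records):
    """Map path -> indicator list for every record that trips at least one."""
    return {r.path: hits for r in records if (hits := timestomp_indicators(r))}


UTC = timezone.utc
# Constructed sample records with hypothetical paths, not real case data.
SAMPLE_RECORDS = [
    MftRecord("C:\\Users\\analyst\\Documents\\report.docx",  # normal edit history
              si_created=datetime(2023, 10, 2, 9, 15, 30, 123456, tzinfo=UTC),
              si_modified=datetime(2023, 10, 3, 11, 0, 0, 500000, tzinfo=UTC),
              fn_created=datetime(2023, 10, 2, 9, 15, 30, 123456, tzinfo=UTC),
              fn_modified=datetime(2023, 10, 2, 9, 15, 30, 123456, tzinfo=UTC)),
    MftRecord("C:\\ProgramData\\cache\\loader.dll",  # $SI backdated to 2019
              si_created=datetime(2019, 1, 1, 0, 0, 0, 0, tzinfo=UTC),
              si_modified=datetime(2019, 1, 1, 0, 0, 0, 0, tzinfo=UTC),
              fn_created=datetime(2023, 10, 2, 9, 15, 31, 654321, tzinfo=UTC),
              fn_modified=datetime(2023, 10, 2, 9, 15, 31, 654321, tzinfo=UTC)),
]

if __name__ == "__main__":
    for path, hits in scan(SAMPLE_RECORDS).items():
        print(path)
        for hit in hits:
            print("  -", hit)
```

The $SI-versus-$FN comparison is the stronger signal: backdating with SetFileTime or a scripting API only touches $STANDARD_INFORMATION, so a $FILE_NAME timestamp later than the $SI one is hard to explain innocently. The zero sub-second check is only corroborating evidence and should not be alerted on by itself.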
SiliconAngle reports that Torq, citing mounting alert fatigue in security teams, has introduced HyperSOC, a system built on its Hyperautomation Platform that uses artificial intelligence to automate security operations center response, management, and monitoring, with the aim of speeding up the investigation and remediation of cybersecurity threats.
Moldovan botnet operator Alexander Lefterov, also known as Alipatime, Alipako, and Uptime, has been indicted by the U.S. Department of Justice for his involvement in widespread attacks against U.S.-based computers, BleepingComputer reports.