Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day | allinfosecnews.com

Feb. 28, 2024, 1:14 p.m. | Jan Vojtěšek

Avast Threat Labs decoded.avast.io

The Lazarus Group is back with an upgraded variant of their FudModule rootkit, this time enabled by a zero-day admin-to-kernel vulnerability for CVE-2024-21338. Read this blog for a detailed analysis of this rootkit variant and learn more about several new techniques, including a handle table entry manipulation technique that directly targets Microsoft Defender, CrowdStrike Falcon, and HitmanPro.

The post Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day appeared first on Avast Threat Labs.

admin analysis back beyond blog byovd cve cve-2024-21338 entry exploit fudmodule kernel lazarus lazarus group learn manipulation pc rootkit techniques vulnerability zero-day

More from decoded.avast.io / Avast Threat Labs

GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining 1 week, 2 days ago | decoded.avast.io

antivirus antivirus updates avast backdoor +18

From BYOVD to a 0-day: Unveiling Advanced Exploits in Cyber Recruiting Scams 2 weeks ago | decoded.avast.io

advanced apt attack attacker +23

Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day 2 months ago | decoded.avast.io

admin analysis back beyond +17

Decrypted: HomuWitch Ransomware 2 months, 1 week ago | decoded.avast.io

avast companies current decryptor +10

Decrypted: Rhysida Ransomware 2 months, 2 weeks ago | decoded.avast.io

avast companies decryptor decryptors +19

Avast Q4/2023 Threat Report 2 months, 3 weeks ago | decoded.avast.io

api attacks avast blocked +14

Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police 3 months, 3 weeks ago | decoded.avast.io

avast babuk babuk ransomware called +19

Opening a new front against DNS-based threats 4 months, 2 weeks ago | decoded.avast.io

attacks avast decentralized dns +11

Avast Q3/2023 Threat Report 5 months, 2 weeks ago | decoded.avast.io

attacks avast blocked desktop +11

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote

View on infosec-jobs.com

Premium Hub - CoE: Business Process Senior Consultant, SAP Security Role and Authorisations & GRC

@ SAP | Dublin 24, IE, D24WA02

View on infosec-jobs.com

Product Security Response Engineer

@ Intel | CRI - Belen, Heredia

View on infosec-jobs.com

Application Security Architect

@ Uni Systems | Brussels, Brussels, Belgium

View on infosec-jobs.com

Sr Product Security Engineer

@ ServiceNow | Hyderabad, India

View on infosec-jobs.com

Analyst, Cybersecurity & Technology (Initial Application Deadline May 20th, Final Deadline May 31st)

@ FiscalNote | United Kingdom (UK)

View on infosec-jobs.com