Security News > 2024 > August > 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
2024-08-20 12:59
CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free vulnerability in the Windows Ancillary Function Driver for WinSock (AFD.sys). Gen Digital researchers Luigino Camastra and Milanek discovered in early June 2024 that the Lazarus APT group was exploiting the flaw to achieve SYSTEM privilege, so they can “bypass … More → The post 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) appeared first on Help Net Security.
News URL
Related news
- Japan warns of attacks linked to North Korean Kimsuky hackers (source)
- North Korean Hackers Update BeaverTail Malware to Target MacOS Users (source)
- KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack (source)
- North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks (source)
- U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals (source)
- North Korean hackers exploit VPN update flaw to install malware (source)
- North Korean Hackers Moonstone Sleet Push Malicious JS Packages to npm Registry (source)
- Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) (source)
- Windows driver zero-day exploited by Lazarus hackers to install rootkit (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-38193 | Unspecified vulnerability in Microsoft products Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 7.8 |