Microsoft Zero-Day Used by Lazarus in Rootkit Attack

North Korean state actors Lazarus Group used a Windows AppLocker zero-day, along with a new and improved rootkit, in a recent cyberattack, researchers report. [TechWeb]( Follow Dark Reading: [RSS]( March 04, 2024 LATEST SECURITY NEWS & COMMENTARY [Microsoft Zero-Day Used by Lazarus in Rootkit Attack]( North Korean state actors Lazarus Group used a Windows AppLocker zero-day, along with a new and improved rootkit, in a recent cyberattack, researchers report. [CISO Corner: Operationalizing NIST CSF 2.0; AI Models Run Amok]( Dark Reading's roundup of strategic cyber-operations insights for chief information security officers and security leaders. Also this week: SEC enforcement actions, biometrics regulation, and painful encryption changes in the pike. [Millions of Malicious Repositories Flood GitHub]( GitHub and cyberattackers are waging a quiet, automated war over malicious repos. [NIST Cybersecurity Framework 2.0: 4 Steps to Get Started]( The National Institute of Standards and Technology (NIST) has revised the book on creating a comprehensive cybersecurity program that aims to help organizations of every size be more secure. Here's where to start putting the changes into action. [Taiwan's Biggest Telco Breached by Suspected Chinese Hackers]( Stolen data from Chunghwa Telecom — including government-related details — are up for sale on the Dark Web, the Taiwanese defense ministry confirms. [CryptoChameleon Attackers Target Apple, Okta Users With Tech Support Gambit]( A sophisticated threat actor using an MO similar to Scattered Spider is camouflaging itself with convincing impersonation techniques in targeted attacks. [Tips on Managing Diverse Security Teams]( The better a security team works together, the bigger the direct impact on how well it can protect the organization. [Biometrics Regulation Heats Up, Portending Compliance Headaches]( A growing thicket of privacy laws regulating biometrics is aimed at protecting consumers amid increasing cloud breaches and AI-created deepfakes. But for businesses that handle biometric data, staying compliant is easier said than done. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Hugging Face AI Platform Riddled With 100 Malicious Code-Execution Models]( The finding underscores the growing risk of weaponizing publicly available AI models and the need for better security to combat the looming threat. [Echoes of SolarWinds in New 'Silver SAML' Attack Technique]( A successor to the "Golden SAML" tactic used in the SolarWinds campaign, this new technique taps SAML response forgery to gain illegitimate access to apps and services. [MTTR: The Most Important Security Metric]( Measuring and tracking your mean time to remediate shows whether vulnerability management is reducing risk and closing opportunities for adversaries. [MORE]( PRODUCTS & RELEASES [Entro Extends Machine Secrets and Identities Protection With Machine Identity Lifecycle Management]( [Cybersecurity Startup Morphisec Appoints Ron Reinfeld As CEO]( [Troutman Pepper Forms Incidents and Investigations Team]( [Tenable Introduces Visibility Across IT, OT, and IoT Domains]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs]( Goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre. LATEST FROM THE EDGE [It's 10 p.m. Do You Know Where Your AI Models Are Tonight?]( Lack of AI model visibility and security puts the software supply chain security problem on steroids. LATEST FROM DR TECHNOLOGY [Cloud Apps Make the Case for Pen-Testing-as-a-Service]( Applications are increasingly distributed, expanding companies' cloud attack surfaces and requiring regular testing to find and fix vulnerabilities — and avoid the risk of a growing sprawl of services. LATEST FROM DR GLOBAL [Infrastructure Cyberattacks, AI-Powered Threats Pummel Africa]( Convincing phishing emails, synthetic identities, and deepfakes all have been spotted in cyberattacks on the continent. WEBINARS - [How To Optimize and Accelerate Cybersecurity Initiatives for Your Business]( - [How Supply Chain Attacks Work -- And How to Stop Them]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Secure Access for Operational Technology at Scale]( - [Endpoint Best Practices to Block Ransomware]( - [Fortinet Named a Leader in the Forrester Wave: Zero Trust Edge (ZTE) Solutions]( - [2023 Work-from-Anywhere Global Study]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121824&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.04.24&sp_cid=52312&utm_content=DR_NL_Dark%20Reading%20Daily_03.04.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ad If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)