In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
- North Korean threat actors known as the Lazarus Group exploited a zero-day in the Windows AppLocker driver to gain kernel-level access and turn off security tools, allowing them to bypass noisy Bring Your Own Vulnerable Driver techniques.
- Researchers observed threat actors run the Angry IP Scanner, followed by some Mimikatz functions, and then the kicker, the open-source QEMU hardware emulator and virtualizer.
- Threat actors have been observed installing RMM tools as a means of maintaining persistence within a compromised organization.
- Hackers breached some of the systems belonging to CISA in February through some known vulnerabilities in Ivanti products.