this post was submitted on 20 Aug 2024
315 points (99.1% liked)

Technology

59495 readers
3114 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] BlackEco@lemmy.blackeco.com 98 points 3 months ago (5 children)

Earlier this year, researchers from security firm Avast spotted a newer FudModule variant that bypassed key Windows defenses such as Endpoint Detection and Response, and Protected Process Light. Microsoft took six months after Avast privately reported the vulnerability to fix it, a delay that allowed Lazarus to continue exploiting it.

Dammit Microsoft, you only had one job!

[–] flambonkscious@sh.itjust.works 49 points 3 months ago (4 children)

I'll bet the NSA or others were using it and didn't want it broken, maybe

[–] jaybone@lemmy.world 6 points 3 months ago (2 children)

What I don’t get is, we all know the NSA is doing this. It’s no big secret. Why don’t they just report the 0-day to Microsoft, so they can fix it, so that North Korea doesn’t also exploit it. In exchange, Microsoft can give them some special access or special keys or some backdoor. Why even bother pretending anymore or putting on this charade. It’s the same thing over and over again.

[–] candybrie@lemmy.world 9 points 3 months ago

In exchange, Microsoft can give them some special access or special keys or some backdoor.

They might be doing this. The thing is, putting something like that in makes so much more likely you'll accidentally create an exploit for other actors as well. It's why security experts are so against backdoors. They fundamentally compromise security.

load more comments (1 replies)
load more comments (2 replies)
load more comments (2 replies)