A North Korean state-sponsored threat actor tracked as Diamond Sleet is distributing a trojanized version of a legitimate application developed by a Taiwanese multimedia software developer called CyberLink to target downstream customers via a supply chain attack.
"This malicious file is a legitimate CyberLink application installer that has been modified to include malicious code that downloads, decrypts, and loads a second-stage payload," the Microsoft Threat Intelligence team said in an analysis on Wednesday.
The poisoned file, the tech giant said, is hosted on the update infrastructure owned by the company while also including checks to limit the time window for execution and bypass detection by security products.
The campaign is estimated to have impacted over 100 devices across Japan, Taiwan, Canada, and the U.S. Suspicious activity associated with the modified CyberLink installer file was observed as early as October 20, 2023.
Diamond Sleet, which dovetails with clusters dubbed TEMP.Hermit and Labyrinth Chollima, is the moniker assigned to an umbrella group originating from North Korea that's also called Lazarus Group. It's known to be active since at least 2013.
"Their operations since that time are representative of Pyongyang's efforts to collect strategic intelligence to benefit North Korean interests," Google-owned Mandiant noted last month. "This actor targets government, defense, telecommunications, and financial institutions worldwide."
The weaponized downloader and loader inspects the target system for the presence of security software from CrowdStrike, FireEye, and Tanium, and if not present, fetches another payload from a remote server that masquerades as a PNG file.
"The PNG file contains an embedded payload inside a fake outer PNG header that is carved, decrypted, and launched in memory," Microsoft said. Upon execution, the malware further attempts to contact a legitimate-but-compromised domain for the retrieval of additional payloads.
The disclosures come a day after Palo Alto Networks Unit 42 revealed twin campaigns architected by North Korean threat actors to distribute malware as part of fictitious job interviews and obtain unauthorized employment with organizations based in the U.S. and other parts of the world.
Last month, Microsoft also implicated Diamond Sleet in the exploitation of a critical security flaw in JetBrains TeamCity (CVE-2023-42793, CVSS score: 9.8) to opportunistically breach vulnerable servers and deploy a backdoor known as ForestTiger.
"The actors have been observed leveraging zero-day vulnerabilities and exploits in third-party software to gain access to specific targets or indiscriminate organizations via their supply chains," the agencies said.
On 11/22/2023, we identified a malware issue in the installation file for one of our programs, Promeo. Upon discovery, our dedicated cybersecurity team immediately removed the bug and additional security measures were put in place to prevent this from happening again in the future.
We are committed to maintaining the highest standards of digital security and are taking this matter extremely seriously. Hence, as a precautionary measure, we made the decision to inspect the full lineup of CyberLink products (e.g., PowerDirector, PhotoDirector, PowerDVD) using trusted tools like Microsoft Defender, CrowdStrike, Symantec, TrendMicro, and Sophos software. We can confirm that none of the other programs were affected.
(The article was updated after publication to include information about an advisory issued by South Korea and the U.K. on North Korea-linked software supply chain attacks as well as a statement from CyberLink.)
The installer, discovered in October and dubbed LambLoader, was hosted on legitimate update infrastructure owned by CyberLink and targeted environments not using security software from FireEye, CrowdStrike or Tanium.
While they had not yet identified any hands-on-keyboard activity carried out by the threat actors after compromising devices via LambLoader, the researchers said the group were known for exfiltrating sensitive data from victim environments, compromising software build environments, moving downstream to exploit further victims, and establishing persistence on targeted environments.
The second attack referenced in the NCSC and NIS advisory was the breach of 3CX VoIP software installations, which led to the installation of trojanized malware onto the 3CX desktop app to deploy further malicious activities on clients leveraging the vulnerable app.
Simon Hendery is a freelance IT consultant specializing in security, compliance, and enterprise workflows. With a background in technology journalism and marketing, he is a passionate storyteller who loves researching and sharing the latest industry developments.
Such a vulnerability stems from impacted devices' usage of an American Megatrends International-generated Platform Key with the "DO NOT TRUST" tag that the vendors should have replaced, according to a report from the Binarly Research Team.
I found this review in PC Magazine absolutely bogus. The author cites more cons than pros with Vegas, and many of his criticisms seem unfair and have more to do with him as an editor than legit criticisms about Vegas. His main criticisms are as follows and I would like to respond to each one.
1. Interface lacks conveniences found in competitors. Not sure what in the world he is talking about here. Vegas Pro has one of the best interfaces available. Click and drag ease, a sleek interface, super easy to use and navigate. The interface is one of the reasons I love Vegas. Has he ever used DaVinci Resolve? Vegas is a cake walk by comparison.
2. Requires outdated internet security settings to function. Not sure what he means by this. You have to activate through the Magix website online. I find the security more than adequate. What is the issue here? Not clear to me. I find Magix security more than on par with other software programs I use. Have you tried logging onto Mixamo? It is no worse or better than Magix's system. Again a bogus and weak criticism.
3. Multicam editing is nearly unusable. I can't speak to this one because I only use one camera at a time. How many cameras does the average user shoot with? Is the multicam system really that bad?
4. No welcome panel with tutorials. Welcome programs? What in the world? There is a welcome panel now and quite frankly, I find it annoying. I realize video editing programs can seem intimidating at first, but the timeline is right there and a 6th grader could probably figure out how easy it is to drop clips on it. There is ample help included in the program. Another bogus criticism in my view. How much hand holding is supposed to be provided?
5. Some program instability. I have found Vegas to be extremely stable and the latest build is probably the most stable. What high-performance program does not have an occasional crash here and there? This is a generic criticism that could be leveled at any video editing program. I call B.S. on this one.
Huh? There's not too much difference in Vegas Pro's GUI layout since Vegas Pro 10 (my entry VP version) other than now having a display choice other than 'light'. The reviewer provided no opinion as to what the older version complexity was as against VP20. It almost seems that the reviewer is comparing VP20 to some other NLE from years ago that he has confused as being Vegas Pro.
What is immediately apparent is that the reviewer has failed to do what a good reviewer should do and that is to provide details and explanations about the condensed pros/cons points. As far as I could see, there's nothing in the review pointing out the interface conveniences found in other NLEs that are lacking in VP; no mention about the internet security issue; and a failure to recognise that VP tutorials are accessible by another means (Hub) than the method used in some other NLEs - so a big "so what" to that point - it's just different, that's all. The reviewer seems to assume that all NLEs must do everything the same way.
I would love to see VideoStudio Pro or PowerDirector do what Vegas can do with, say, BRAW. Reading the replies shows that the simplest of things, the reviewer didn't have a grasp of. And if you read any past reviews, PD and VS are always highly regarded.... hmmm.....
To fully understand any complex software, you have to spend a lot of time with it, and constantly use it. These "reviewers" are under a deadline. And like all of us, we have our personal preferences. Some prefer the upside down editing of PowerDirector or VideoStudio Pro... not me though.
The Vegas review reads like that of an air-head. In sharp contrast to the same person's review of DaVinci Resolve. He's the head of PC Mag's review department so obviously he's more sophisticated than he made himself out to be. His motivation is anyone's guess but my impression is that the Vegas review is a calculated hit-piece.
2. **Robust Editing Features:** The software provides a wide range of editing tools, including advanced color grading, compositing, and audio editing capabilities. This allows for high-level professional editing.
4. **Strong Community and Support:** There is a large community of Vegas Pro users, providing a wealth of tutorials, tips, and plugins. Additionally, the software has good customer support for troubleshooting and advice.
3. **Steep Learning Curve for Advanced Features:** Although the basic interface is user-friendly, mastering the more advanced features of Vegas Pro can take time and may be overwhelming for beginners.
4. **Lack of Certain Advanced Features:** While Vegas Pro is powerful, it may lack some of the high-end features found in other professional software, like sophisticated motion tracking or 360-degree editing tools.
In conclusion, Vegas Pro is a strong contender in the realm of video editing software, particularly for those seeking a balance between advanced capabilities and user-friendliness. However, potential users should consider their specific needs and possibly trial the software before committing, to ensure it meets their requirements in terms of performance, features, and stability.