Daily Cybersecurity Roundup, April 25, 2024

New threat alert! Researchers have uncovered a connection between LockBit and DragonForce ransomware, revealing the abuse of the leaked LockBit 3.0 builder. Meanwhile, a sophisticated campaign is actively exploiting Cisco vulnerabilities to deploy backdoors and potentially steal data from infected devices. Attackers targeted firms across the telecommunications and energy sectors. Also covered is a new Android trojan, Brokewell, camouflaged as a Google Chrome update. Check out its capabilities along with other trending news from cyberspace.

01

Cyble researchers discovered connections between LockBit and DragonForce ransomware groups, highlighting that the latter might have leveraged the leaked LockBit 3.0 builder to craft its binary.

02

Cisco attributed a recently discovered ArcaneDoor campaign to the STORM-1849 APT that exploited two zero-day vulnerabilities in Cisco’s ASA firewalls to plant malware in multiple organizations, including those in the telecommunications and energy sectors.

03

ThreatFabric reported on a new banking trojan named Brokewell, delivered via a fake Google Chrome update to capture user details from Android phones and offer remote control to attackers. It is under active development.

04

Zscaler ThreatLabz revealed that threat actors are utilizing SEO poisoning tactics to push fraudulent websites to the top of Google search results to spread malware that pilfers system information and browser history.

05

South Korean security services identified three North Korean hacker groups (Lazarus, Kimsuky, and Andariel) as culprits for breaching the networks of 83 defense companies in South Korea for more than a year to steal technical data.

06

Netcraft disclosed that attackers abused Autodesk Drive to host malicious PDF files and leveraged compromised Microsoft accounts in a phishing attack to steal sensitive company data.

07

Proof-of-concept exploit code for a critical flaw impacting the Progress Flowmon monitoring tool has been released, which increases the chances of threat actors exploiting the flaw. The flaw can be exploited through a specially crafted API request.

08

Researchers warned that multiple vulnerabilities found in the Brocade SANnav storage area network (SAN) management application can be exploited to compromise the appliance and Fibre Channel switches.

09

Zero trust endpoint security company ThreatLocker raised $115 million in a Series D funding round led by General Atlantic, with participation from StepStone Group and the D. E. Shaw group.

10

Sublime Security raised $20 million in Series A funding, led by Index Ventures, with participation from previous investors Decibel Partners and Slow Ventures.