Cyware Daily Threat Intelligence, April 25, 2024

As the leaked LockBit builder continues to land in the hands of cybercriminals, another ransomware group has molded it to its needs. The DragonForce ransomware group claimed to have targeted at least 25 organizations worldwide using the modified strain. In other news, a security researcher warned of multiple vulnerabilities in the Brocade SANnav storage area network management application. The flaws stemmed from default firewall settings, insecure protocols, backdoor accounts with publicly known passwords, and insufficiently secured Docker instances.

Meet Brokewell, a potent mobile banking malware linked to Baron Samedit, signaling a rise in Android 13+ bypass techniques and the widening accessibility of sophisticated mobile threats. Additionally, the ArcaneDoor campaign exploits Cisco zero-days to deploy custom malware.

Top Malware Reported in the Last 24 Hours

LockBit builder exploited once again
The operators of DragonForce ransomware leveraged the leaked LockBit builder to customize their payloads and target specific victims. With over 25 global victims identified, the group used LockBit infrastructure for operational efficiency while maintaining anonymity through rebranding. The ransomware employed aggressive encryption tactics, halting critical processes and services such as Oracle, Microsoft Office apps, antivirus software, and backup solutions to expedite encryption.

Attackers abuse Cisco flaws
A new malware campaign named ArcaneDoor, attributed to the sophisticated state-sponsored actor UAT4356, leveraged two zero-day bugs in Cisco networking gear to deploy custom malware and extract sensitive data. The campaign targeted Cisco Adaptive Security Appliance and Firepower Threat Defense software. The deployed implants, Line Runner and Line Dancer, enable malicious actions such as configuration modification and exfiltration of network traffic.

Brokewell: New mobile malware threat
ThreatFabric's latest report uncovered Brokewell, a newly discovered mobile malware family with sophisticated capabilities aimed at compromising banking apps. Brokewell employs various techniques, including overlay attacks and accessibility logging, to steal user credentials and sensitive data. Moreover, it features remote control capabilities, allowing threat actors to execute device takeover attacks.

Top Vulnerabilities Reported in the Last 24 Hours

Critical flaws exposed in Brocade SANnav
Security researcher Pierre Barre has identified 18 vulnerabilities in the Brocade SANnav storage area network management application. These flaws, including unauthenticated remote login issues, exposed the appliance and Fibre Channel switches to multiple cyber threats. Three of nine CVE-assigned bugs allowed attackers to intercept credentials and compromise the entire Fibre Channel infrastructure.

PoC exploit out for Progress Flowmon bug
A severe security flaw, tracked as CVE-2024-2389, affected the widely used network monitoring tool Progress Flowmon, allowing unauthenticated attackers to execute arbitrary system commands. Discovered by Rhino Security Labs, the vulnerability has a severity score of 10/10. Progress Software has urged users to upgrade to versions 12.3.5 and 11.1.14. Progress stated that no active exploitation had been spotted in the wild.

Security holes found in online code editor
JudgeO, a widely used online code editor, contains critical security vulnerabilities, posing a significant risk to users' systems and data integrity. Tracked as CVE-2024-28185, CVE-2024-28189, and CVE-2024-29021, these flaws allowed attackers to execute arbitrary code with root-level privileges and escape the sandbox environment. Exploitation involved manipulating symbolic links, bypassing sandbox restrictions, and exploiting unsafe default configurations.

Tags: brocade sannav, judgeo, brokewell, progress flowmon, arcanedoor, dragonforce, lockbit 3.0

Posted on: April 25, 2024
