"New Brokewell Malware Takes Over Android Devices, Steals Data"

ThreatFabric researchers have discovered "Brokewell," an Android banking Trojan capable of capturing every event on the compromised device, including touches, information displayed, text input, and applications launched. The malware is delivered via a fake Google Chrome update that is displayed while browsing. Brokewell malware, which is said to be under active development, provides device takeover and remote control capabilities. This article continues to discuss observations and findings regarding the new Brokewell malware. 

Submitted by grigby1 CPVI on

"DragonForce Ransomware Group Uses LockBit's Leaked Builder"

"DragonForce," a new ransomware strain, uses a leaked LockBit builder. The cybercriminal group used a ransomware binary based on a leaked LockBit Black builder, according to Cyble. Cyble reported its findings after examining DragonForce's activity for months. LockBit Black is the third LockBit ransomware version. A disgruntled developer leaked it six months after its March 2022 release. After that, LockBit admins launched LockBit Green, which was later revealed to be a rebranded version of a Conti encryptor.

Submitted by grigby1 CPVI on

"Palo Alto Networks Shares Remediation Advice for Hacked Firewalls"

Palo Alto Networks recently shared remediation instructions for organizations whose firewalls have been hacked through the exploitation of the vulnerability tracked as CVE-2024-3400. The company noted that customers who detect unsuccessful exploitation attempts are advised to update to the latest PAN-OS hotfix. The same must be done by organizations that find evidence of someone testing their firewall to see if it's vulnerable; this typically involves creating an empty file on the firewall, but no unauthorized commands are executed.

Submitted by Adam Ekwall on

"WP Automatic WordPress Plugin Hit by Millions of SQL Injection Attacks"

According to security researchers at PatchStack, hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. Currently installed on more than 30,000 websites, WP Automatic lets administrators automate content importing (e.g. text, images, video) from various online sources and publishing on their WordPress site. The exploited vulnerability is identified as CVE-2024-27956 and received a severity score of 9.9/10.

Submitted by Adam Ekwall on

"US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet"

The US government has recently taken down Samourai Wallet, a cryptocurrency mixing service that executed over $2bn in unlawful transactions and laundered over $100m in criminal proceeds. The Department of Justice (DoJ) recently announced that Samourai's web servers and domain were seized following a law enforcement operation in collaboration with Iceland's authorities. Additionally, the illegal cryptocurrency service's Android app has been removed from the Google Play Store in the US.

Submitted by Adam Ekwall on

"Maximum Severity Flowmon Bug Has a Public Exploit, Patch Now"

Proof-of-Concept (PoC) exploit code has been released for a severe security vulnerability in Progress Flowmon, a tool used to monitor network performance and support visibility. Progress Flowmon features performance tracking, diagnostics, and more. It is used by over 1,500 companies worldwide, including SEGA, KIA, TDK, Volkswagen, Orange, and Tietoevry. The security issue, discovered by researchers at Rhino Security Labs and tracked as CVE-2024-2389, has a maximum severity score of 10.

Submitted by grigby1 CPVI on

"Study: GPT-4 Agent Can Exploit Unpatched Vulnerabilities"

Researchers at the University of Illinois Urbana-Champaign discovered that feeding public security advisories to a GPT-4 Artificial Intelligence (AI) agent allows it to exploit unpatched "real-world" vulnerabilities even without precise technical information. The researchers fed AI agents descriptions of over a dozen disclosed but unpatched vulnerabilities (also called "one-day" flaws), including two "critical" bugs.

Submitted by grigby1 CPVI on

"Researchers Develop Malicious AI 'Worm' Targeting Generative AI Systems"

A team of researchers from Cornell Tech, the Israel Institute of Technology, and Intuit developed a novel type of malware dubbed the "Morris II" worm, which uses popular Artificial Intelligence (AI) services to spread itself, infect systems, and steal data. The worm further highlights the potential dangers of AI security threats and the need to secure AI models. The team used an "adversarial self-replicating prompt" to create the worm.

Submitted by grigby1 CPVI on

Cyber Scene - Against All Enemies, Foreign AND Domestic

By krahal

This Cyber Scene will discuss the complexity of defending against cyberattacks from domestic and foreign enemies, and will also address how these cyber enemies, domestic AND foreign together, complicate the defense of the US.

Submitted by grigby1 CPVI on