AI Risk Summit

The AI Risk Summit will bring together security and risk management executives, AI researchers, policy makers, software developers and other business and government stakeholders to delve into the risks of deploying generative and predictive AI tools in the enterprise, the threat from adversarial use of AI technology and deep fakes, and preparation for the inevitable compliance and regulations from policy makers.

"Lazarus Hackers Exploited Windows Zero-Day to Gain Kernel Privileges"

Lazarus Group, the North Korean state-sponsored cyber threat group, exploited a flaw in the Windows AppLocker driver (appid.sys) to gain kernel-level access and disable security tools, without having to resort to Bring Your Own Vulnerable Driver (BYOVD) techniques. Because the vulnerable driver ships with Windows, the attackers no longer needed to load a third-party driver that defenders could block. The activity was detected by Avast analysts, who reported it to Microsoft, resulting in a fix for the flaw, now tracked as CVE-2024-21338. According to Avast, Lazarus Group exploited the vulnerability to obtain a kernel read/write primitive in an updated version of its FudModule rootkit, which previously abused a Dell driver in BYOVD attacks.

Submitted by grigby1 CPVI on

"Epic Games: "Zero Evidence" We Were Hacked by Mogilevich Gang"

Epic Games recently announced that it found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers. Epic Games noted that it immediately began investigating after seeing a screenshot of the dark web page promoting the breach and attempted to contact the threat actor. However, the company said it has not received a response from Mogilevich.

Submitted by Adam Ekwall on

"Hackers Steal Personal Information From Pharma Giant Cencora"

Global pharmaceutical solutions provider Cencora recently announced that it fell victim to a cyberattack that resulted in personal information being stolen from its systems. The data breach was identified on February 21. It is currently unclear exactly what type of data has been exfiltrated and who it belongs to, whether employees or customers. The company noted that it has taken steps to contain the incident, and an investigation has been launched with the assistance of law enforcement and external cybersecurity experts, but it provided no further details.

Submitted by Adam Ekwall on

"Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub"

Xeno RAT has been made available on GitHub, allowing other threat actors to use it. According to its developer, the open-source Remote Access Trojan (RAT), written in C# and compatible with Windows 10 and Windows 11 operating systems, includes a comprehensive set of features for remote system management. It has a SOCKS5 reverse proxy and real-time audio recording capability, as well as a Hidden Virtual Network Computing (HVNC) module. The developer says Xeno RAT was made from scratch, resulting in a one-of-a-kind and customized approach to remote access tools.

Submitted by grigby1 CPVI on

"Scientists Develop A Technique To Protect A Quantum-Era Metaverse"

A team of scientists in China has introduced a quantum communication technique that could help protect Web 3.0 from the threat of quantum computing. According to the team, their approach, Long-Distance Free-Space Quantum Secure Direct Communication (LF QSDC), improves data security by allowing encrypted direct messaging without needing key exchange, which is traditionally vulnerable to quantum attacks. They add that the approach bolsters security and adheres to the decentralized ethos of Web 3.0, providing a strong defense in the digital landscape.

Submitted by grigby1 CPVI on

"Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws"

According to security researchers at Trend Micro, more threat actors have started exploiting two recently resolved vulnerabilities in the ConnectWise ScreenConnect remote desktop access software. The issues, tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4), are described as an authentication bypass flaw and a path traversal bug, respectively. The researchers noted that ConnectWise disclosed the security defects on February 19, when it announced patches for them. Two days later, the company updated its advisory to warn of ongoing exploitation.

Submitted by Adam Ekwall on

"Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations"

The National Security Agency (NSA), together with the Federal Bureau of Investigation (FBI) and other co-sealers, has released a Cybersecurity Advisory (CSA) titled "Russian Cyber Actors Use Compromised Routers to Facilitate Cyber Operations," detailing observed activities, mitigation recommendations, and more.

Submitted by grigby1 CPVI on

"DOE Announces $45 Million to Protect Americans From Cyber Threats and Improve Cybersecurity in America's Energy Sector"

The US Department of Energy (DOE) has announced the selection of 16 projects across six states aimed at protecting the country's energy sector from cyberattacks. Selected projects, managed by DOE's Office of Cybersecurity, Energy Security, and Emergency Response (CESER), will contribute to the development of new cybersecurity tools and technologies focused on reducing cyber risks and strengthening the resilience of America's energy systems. Cyberattacks can significantly disrupt the steady flow of energy to American homes, businesses, and communities.

Submitted by grigby1 CPVI on

"Travelers Targeted With Booking.com Refund Malware"

According to Forcepoint researchers, scammers are targeting users of the popular travel service provider Booking.com with Agent Tesla malware disguised as booking inquiries. Attackers send emails impersonating Booking.com, instructing the recipient to open an attached PDF, presented as a card statement, that carries the malware. They exploit the stress caused by last-minute travel-related emails. Agent Tesla is an advanced Remote Access Trojan (RAT) that functions as a keylogger and information stealer. It is one of the most widely used RATs, impacting up to 7 percent of organizations worldwide.

Submitted by grigby1 CPVI on