Cybersecurity Weekly: Cobalt Strike beacon, REvil is back, IT training pitfalls
Linux Cobalt Strike beacon is being used in ongoing attacks. REvil ransomware is back in full attack mode and leaking data. 7 signs your IT training sucks. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Linux Cobalt Strike beacon used in ongoing attacks
In a new report by security firm Intezer, researchers explain how threat actors have taken it upon themselves to create their Linux beacons compatible with Cobalt Strike. Using these beacons, threat actors can now gain persistence and remote command execution on both Windows and Linux machines.
2. REvil ransomware is back in full attack mode and leaking data
The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site. After their shutdown, researchers and law enforcement believed that REvil would rebrand as a new ransomware operation at some point. However the REvil ransomware gang came back to life this week under the same name.
3. 7 signs your IT training sucks
Leading a skills-deprived IT staff is like coaching a sports team that never bothers to study emerging tactics or rule changes. To ensure that your organization fields a first-class IT team, pay attention to the seven warning signs that indicate an existing training approach could use a reboot.
4. KrebsOnSecurity hit by huge new IoT botnet Meris
Last week, KrebsOnSecurity was the subject of a large-scale distributed denial-of-service attack. The assault came from Meris, the same new botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.
5. Helping your campus IT and cybersecurity teams avoid burnout
Depending on your organization’s level of exposure, cybersecurity expertise on staff and ability to spend on defenses, stress levels could be at an all-time high. Campus Safety Magazine talked to several cybersecurity experts and incident response professionals about how to deal with that stress.
6. Critical bug reported in NPM package with millions of weekly downloads
A widely used NPM package called Pac-Resolver for the JavaScript programming language has been remediated with a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent. The flaw has a severity rating of 8.1 and affects Pac-Resolver versions before 5.0.0.
7. Stealthier ZLoader variant spreading via fake TeamViewer download ads
Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems. They utilize a stealthier infection chain that allows it to linger on infected devices and evade detection by security solutions.
8. New SpookJS attack bypasses Google Chrome's site isolation protection
A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections in the Google Chrome and Chromium browsers. As a consequence, any data stored in the memory of a website being rendered or a Chrome extension can be extracted, including personally identifiable information.
9. BlackMatter ransomware hits medical technology giant Olympus
Olympus is currently investigating a potential cybersecurity incident affecting limited areas of its EMEA IT systems on September 8, 2021. While Olympus did not share any details on the attackers' identity, ransom notes left on systems impacted during the breach point to a BlackMatter ransomware attack.
10. FragAttacks foil two decades of wireless security
Security researchers recently discovered so-called fragmentation attacks, or FragAttacks, that abuse the aggregation and fragmentation of wireless communications to allow machine-in-the-middle attacks. Details of the vulnerabilities, which had been kept secret for nine months, were disclosed at the Black Hat USA briefings on Aug. 5.
In this Series
- Cybersecurity Weekly: Cobalt Strike beacon, REvil is back, IT training pitfalls
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
