Cybersecurity Weekly: Cobalt Strike beacon, REvil is back, IT training pitfalls
Linux Cobalt Strike beacon is being used in ongoing attacks. REvil ransomware is back in full attack mode and leaking data. 7 signs your IT training sucks. All this, and more, in this week’s edition of Cybersecurity Weekly.
1. Linux Cobalt Strike beacon used in ongoing attacks
In a new report by security firm Intezer, researchers explain how threat actors have taken it upon themselves to create their own Linux beacons compatible with Cobalt Strike. Using these beacons, threat actors can now gain persistence and remote command execution on both Windows and Linux machines.
2. REvil ransomware is back in full attack mode and leaking data
The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site. After their shutdown, researchers and law enforcement believed that REvil would rebrand as a new ransomware operation at some point. However, the REvil ransomware gang came back to life this week under the same name.
3. 7 signs your IT training sucks
Leading a skills-deprived IT staff is like coaching a sports team that never bothers to study emerging tactics or rule changes. To ensure that your organization fields a first-class IT team, pay attention to the seven warning signs that indicate an existing training approach could use a reboot.
4. KrebsOnSecurity hit by huge new IoT botnet Meris
Last week, KrebsOnSecurity was the subject of a large-scale distributed denial-of-service attack. The assault came from Meris, the same new botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.
5. Helping your campus IT and cybersecurity teams avoid burnout
Depending on your organization’s level of exposure, cybersecurity expertise on staff and ability to spend on defenses, stress levels could be at an all-time high. Campus Safety Magazine talked to several cybersecurity experts and incident response professionals about how to deal with that stress.
6. Critical bug reported in NPM package with millions of weekly downloads
7. Stealthier ZLoader variant spreading via fake TeamViewer download ads
Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems. The campaign uses a stealthier infection chain that allows the malware to linger on infected devices and evade detection by security solutions.
8. New SpookJS attack bypasses Google Chrome's site isolation protection
A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections in the Google Chrome and Chromium browsers. As a consequence, any data stored in the memory of a website being rendered or a Chrome extension can be extracted, including personally identifiable information.
9. BlackMatter ransomware hits medical technology giant Olympus
Olympus is currently investigating a potential cybersecurity incident on September 8, 2021, affecting limited areas of its EMEA IT systems. While Olympus did not share any details on the attackers' identity, ransom notes left on systems impacted during the breach point to a BlackMatter ransomware attack.
10. FragAttacks foil two decades of wireless security
Security researchers recently discovered so-called fragmentation attacks, or FragAttacks, that abuse the aggregation and fragmentation of wireless communications to allow machine-in-the-middle attacks. Details of the vulnerabilities, which had been kept secret for nine months, were disclosed at the Black Hat USA briefings on Aug. 5.