1. Linux Cobalt Strike beacon used in ongoing attacks
In a new report by security firm Intezer, researchers explain how threat actors have taken it upon themselves to create their own Linux beacons compatible with Cobalt Strike. Using these beacons, threat actors can now gain persistence and remote command execution on both Windows and Linux machines.
2. REvil ransomware is back in full attack mode and leaking data
The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site. After their shutdown, researchers and law enforcement believed that REvil would rebrand as a new ransomware operation at some point. However, the REvil ransomware gang came back to life this week under the same name.
3. 7 signs your IT training sucks
Leading a skills-deprived IT staff is like coaching a sports team that never bothers to study emerging tactics or rule changes. To ensure that your organization fields a first-class IT team, pay attention to the seven warning signs that indicate an existing training approach could use a reboot.
4. KrebsOnSecurity hit by huge new IoT botnet Meris
Last week, KrebsOnSecurity was the subject of a large-scale distributed denial-of-service attack. The assault came from Meris, the same new botnet behind record-shattering attacks against Russian search giant Yandex this week and internet infrastructure firm Cloudflare earlier this summer.
5. Helping your campus IT and cybersecurity teams avoid burnout
Depending on your organization’s level of exposure, cybersecurity expertise on staff and ability to spend on defenses, stress levels could be at an all-time high. Campus Safety Magazine talked to several cybersecurity experts and incident response professionals about how to deal with that stress.
6. Critical bug reported in NPM package with millions of weekly downloads
A widely used NPM package called Pac-Resolver for the JavaScript programming language has received a fix for a high-severity remote code execution vulnerability that could be abused to run malicious code inside Node.js applications whenever HTTP requests are sent. The flaw has a severity rating of 8.1 and affects Pac-Resolver versions before 5.0.0.
7. Stealthier ZLoader variant spreading via fake TeamViewer download ads
Users searching for TeamViewer remote desktop software on search engines like Google are being redirected to malicious links that drop ZLoader malware onto their systems. The campaign uses a stealthier infection chain that allows the malware to linger on infected devices and evade detection by security solutions.
8. New SpookJS attack bypasses Google Chrome’s site isolation protection
A newly discovered side-channel attack demonstrated on modern processors can be weaponized to successfully overcome Site Isolation protections in the Google Chrome and Chromium browsers. As a consequence, any data stored in the memory of a website being rendered or a Chrome extension can be extracted, including personally identifiable information.
9. BlackMatter ransomware hits medical technology giant Olympus
Olympus is currently investigating a potential cybersecurity incident that affected limited areas of its EMEA IT systems on September 8, 2021. While Olympus did not share any details on the attackers’ identity, ransom notes left on systems impacted during the breach point to a BlackMatter ransomware attack.
10. FragAttacks foil two decades of wireless security
Security researchers recently discovered so-called fragmentation attacks, or FragAttacks, that abuse the aggregation and fragmentation of wireless communications to allow machine-in-the-middle attacks. Details of the vulnerabilities, which had been kept secret for nine months, were disclosed at the Black Hat USA briefings on Aug. 5.