News

Two new variants of Cobalt Strike written in Ggoogle’s Golang have popped up on the wild internet. According to SentinelOne, this new flavor is set up to target macOS systems. They have also noted that this new beacon (called Geacon) has been popping up on malware review sites like Virus Total in the past few months. The new detections could be part of red-teaming exercises, but the increase seems to indicate that real-world malicious activity is also part of the surge in detections.

Cybersecurity firm OTORIO has announced several new vulnerabilities in cloud management platforms at Black Hat Asia 2023. The Israeli company named three industrial cellular providers with a total of eleven vulnerabilities which could allow for complete compromise of operational technology devices. These three providers represent a very large number of OT and IIoT (Industrial Internet of Things) devices, making them a serious concern.

The popular socialization platform, Discord, is alerting users to a data breach that occurred due to the compromise of a support agent account. The breach appears to be limited in scope to the ticket queue that the third-party agent was responsible for. The ticket queue contained email addresses, attachments and all messages that might have been exchanged during ticket resolution with this agent.

After a Leak of Babuk ransomware source code in late 2021 researchers have identified 9 separate new stains that are intended to target VMware ESXi. The new variants first started showing up in the 2cond half of 2022. As with ransomware as a service, having leaked source code allows less sophisticated attack groups to utilize the work of others to their advantage. In this case the targeting the Linux based ESXi. ESXi is a great target as it allows for the encryption of infrastructure and prevents the rapid restoration of systems since the infrastructure those servers run on is what has been affected.