Security News
Cobalt Iron announced that its Compass enterprise software-as-a-service backup platform now enables seamless management of Google Cloud Platform virtual machine snapshots. Through this new capability, Compass users are able to manage backup retentions and schedules for GCP VM snapshots using the Compass Commander GUI, the same interface with which they manage their enterprise backups.
With the launch of the Cobalt Partner Program, the company's goal is to build out strategic relationships to ensure long-term success for its partners and clients, enabling them to solve their customers' pentesting needs while driving growth and revenue. The Cobalt Partner Program offers two partner options - referral and reseller partners - with tiers within each to fit partners' unique wants and needs, and various commitment levels.
Cobalt announced it has named Eric Brinkman as its new Chief Product Officer. To accomplish these goals, Brinkman will be responsible for defining Cobalt's three year product strategy and fully rounding out Cobalt's product team with key hires.
How can military experience help build resilience in information security? What lessons in perseverance and resilience can we pick up from an aerospace consultant who learned them the hard way in the wake of the NASA Challenger tragedy? Or, perhaps, you want to know more about how pentesting works in practice and hear advice by CISOs on how to manage infosec programs?
The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool, which researchers call Raindrop, that was used for distribution across computers on the victim network. The hackers used Raindrop to deliver a Cobalt Strike beacon to select victims that were of interest and which had already been compromised through the trojanized SolarWinds Orion update.
A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems.
The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Twelve days ago, a repository was created on GitHub that contains what appears to be the source code for Cobalt Strike 4.0.
Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deploy Cobalt Strike to compromise the rest of the network. In a non-public security advisory seen by BleepingComputer, Microsoft is warning its customers about these FakeUpdates campaigns, offering recommendations that would lower the impact of the attack via its Defender ATP service.
Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices. Cobalt Strike is a legitimate penetration testing tool also used by threat actors in post-exploitation tasks and to deploy so-called beacons that enable them to gain persistent remote access.