Security News

Cobalt Partner Program offers new opportunities for partners
2021-03-15 00:00

With the launch of the Cobalt Partner Program, the company's goal is to build out strategic relationships to ensure long-term success for its partners and clients, enabling them to solve their customers' pentesting needs while driving growth and revenue. The Cobalt Partner Program offers two partner options - referral and reseller partners - with tiers within each to fit partners' unique wants and needs, and various commitment levels.

Cobalt names Eric Brinkman as Chief Product Officer
2021-02-25 23:30

Cobalt announced it has named Eric Brinkman as its new Chief Product Officer. To accomplish these goals, Brinkman will be responsible for defining Cobalt's three-year product strategy and fully rounding out Cobalt's product team with key hires.

Get your free ticket to Cobalt’s SecTalks virtual conference
2021-02-09 03:45

How can military experience help build resilience in information security? What lessons in perseverance and resilience can we pick up from an aerospace consultant who learned them the hard way in the wake of the NASA Challenger tragedy? Or, perhaps, you want to know more about how pentesting works in practice and hear advice from CISOs on how to manage infosec programs?

SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader
2021-01-19 14:09

The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool, which researchers call Raindrop and which was used for distribution across computers on the victim network. The hackers used Raindrop to deliver a Cobalt Strike beacon to select victims that were of interest and which had already been compromised through the trojanized SolarWinds Orion update.

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic
2020-12-28 06:57

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems.

Alleged source code of Cobalt Strike toolkit shared online
2020-11-11 16:05

The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Twelve days ago, a repository was created on GitHub that contains what appears to be the source code for Cobalt Strike 4.0.

Fake Microsoft Teams updates lead to Cobalt Strike deployment
2020-11-09 14:03

Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deployed Cobalt Strike to compromise the rest of the network. In a non-public security advisory seen by BleepingComputer, Microsoft is warning its customers about these FakeUpdates campaigns, offering recommendations that would lower the impact of the attack via its Defender ATP service.

Critical bug actively used to deploy Cobalt Strike on Oracle servers
2020-11-05 12:55

Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices. Cobalt Strike is a legitimate penetration testing tool also used by threat actors in post-exploitation tasks and to deploy so-called beacons that enable them to gain persistent remote access.

Microsoft Defender ATP Users Get False Positive Alerts for Mimikatz, Cobalt Strike
2020-10-29 09:36

Microsoft rushed to take action on Wednesday after Defender Advanced Threat Protection users reported getting Cobalt Strike and Mimikatz alerts that turned out to be false positives. It's not surprising that some Microsoft Defender ATP users had a small heart attack on Wednesday when they saw multiple high-severity alerts for Cobalt Strike.