Tag Archive for: Environments

Hackers Alter Cobalt Strike Beacon to Target Linux Environments

A significant part of hacking consists of diverting the function of existing systems and software, and hackers often use legitimate security tools to perform cyber attacks.

The pentesting tool Cobalt Strike has been one such target, but what happened recently with a Red Hat Linux version of the Cobalt Strike Beacon is worthy of note. According to cybersecurity researchers, it could be the work of an advanced threat actor.

How is Cobalt Strike Beacon Used in Cyberattacks?

Cobalt Strike is an exploitation platform built to emulate attacks by advanced adversaries, together with the post-exploitation actions that typically follow them.

It can be seen as a framework used both by security teams for testing purposes and by threat groups. The software creates connections (through Cobalt Strike servers) to the networks under attack. In addition, it contains a large number of convenient, customizable components.

The beacon is the client component, so attackers have to install it on the targeted machine, which usually happens after exploiting a vulnerability. If the attack succeeds, the hackers can maintain a persistent connection between the beacon and their rogue Cobalt Strike servers, with the beacon sending data back periodically.

A New Variant of Cobalt Strike

Cobalt Strike Beacon Linux enables emulation of advanced attacks against a network over HTTP, HTTPS, or DNS.

It provides a console where you can open a beacon session and enter specific commands. The console returns command output and other information. Users get access to a status bar and various menus that extract information and interact with the target’s system.

Beacon’s shell commands are handy for performing various injections, remote command executions, and unauthorized uploads and downloads.

The skilled hackers who implemented this Linux variant achieved tremendous success: their version has an alarming ability to remain undetected. It can enumerate disk partitions; list, write and upload files; and execute commands.

The malware has been named Vermilion. The name comes from the Old French word vermeillon, which was derived from vermeil, from the Latin vermiculus, the diminutive of the Latin word vermis, or worm.

How Does a Beacon Attack Work?

Cobalt Strike’s Command and Control…


Hillstone Networks Delivers Enterprise Application Security for Cloud Environments

SANTA CLARA, Calif.–(BUSINESS WIRE)–Sep 14, 2021–

Hillstone Networks, a leading provider of infrastructure protection solutions, is pleased to announce the release of Hillstone virtual Web Application Firewall (vWAF) as part of its full breadth of cybersecurity solutions. vWAF addresses and protects against the barrage of vulnerabilities that are regularly reported in Web applications and pose a significant threat to an enterprise’s security posture.

With vWAF, customers can fully secure applications that span multiple data centers or clouds. With proactive Layer-7 security, it detects and defends against attacks at the network layer (DDoS attacks, flood attacks, scanning and spoofing, etc.), at the application layer (injection attacks, cross-site scripting, SQL injection, etc.), and against specific file types (.docx, .jpg). vWAF protects against OWASP Top 10 threats, including addressing broken authentication (illegal access) with an automated protection process.

vWAF highlights include:

  • Machine-Learning-driven semantic analysis, policy optimization and unknown attack defense together help detect and fix vulnerabilities, and identify and protect against threats.
  • Improved detection accuracy delivered with context and connotation, so that security admins have a clear understanding of the threat and its impact.
  • Advanced API protection secures against excessive data exposure and increased attack surfaces, ensuring the integrity of the app development environment.

“Your network may be secure, but what about the applications running in your virtual environments? Protection doesn’t stop at the network perimeter, and web applications are rife with vulnerabilities,” says Tim Liu, co-founder and CTO, Hillstone Networks. “Our customers are looking to us to secure, maintain and enhance app performance due to the challenges and complexities they face. Hillstone vWAF is built to protect and defend against vulnerabilities with a distributed and scalable solution.”


About Hillstone Networks

Hillstone…


SUSE Linux Enterprise Earns Common Criteria EAL 4+, Proving Top Security for Mission-Critical Environments

NUREMBERG, Germany, Aug. 17, 2021 /PRNewswire/ — SUSE®, a global leader in innovative, reliable and enterprise-grade open source solutions, today announced its flagship Linux distribution has earned Common Criteria EAL 4+ certification. SUSE Linux Enterprise Server (SLES) 15 SP2 is now EAL 4+ level certified for IBM Z, Arm and x86-64 architectures, signifying compliance with the most demanding security requirements for mission-critical infrastructure. SUSE’s Common Criteria EAL 4+ software supply chain certification covers secure production, delivery of updates, and protection of critical digital assets.

SUSE is currently the only provider of a recent general-purpose Linux operating system with a secure software supply chain that is certified Common Criteria EAL 4+ for all these platforms.

“In today’s age of advanced hacking and service disruption, Common Criteria EAL 4+ level certification for SLES provides confidence to critical service providers such as governments, finance and banking companies, healthcare organizations, water and power companies, telecommunications providers, and others innovating at the edge,” said Thomas Di Giacomo, SUSE Chief Technology and Product Officer. “SUSE’s commitment to open interoperability means SLES 15 customers around the world can be certain their operating system conforms to the highest international standards for computer security within their chosen IT infrastructure.”

Kara Todd, director of Linux, IBM Z & LinuxONE at IBM, said, “This latest Common Criteria EAL 4+ certification, the highest level attainable for an open source operating system, for SUSE Linux Enterprise on IBM Z demonstrates a continued prioritization on security and reliability, which we expect will be very well received by our joint customers around the world. We are seeing an ever-growing number of exciting new Linux workloads which are a great fit for the underlying scalability, reliability and security that the IBM Z platform provides.”

Bhumik Patel, director of Ecosystem Software Development, Infrastructure Line of Business, Arm, said, “The pervasiveness of Arm technology from cloud to edge underscores our responsibility to work with the industry to deliver…


The risk of insecure protocols in business environments

This year alone, there have been some of the biggest and most damaging ransomware attacks to date. In the space of just five days in May, there were two major cyber-attacks that rattled governments and private sector organizations around the world. The first, on Colonial Pipeline, forced a week-long shutdown of a major petrol supply line and pushed U.S. petrol prices to their highest since 2014. The second attack, on the Irish healthcare system, resulted in thousands of appointments, cancer treatments, and surgeries being canceled or delayed and patient data shared online. 

Most recently, IT company Kaseya was targeted with ‘the biggest ransomware attack on record’, with cyber criminals demanding over $70 million to restore systems and unlock data. In this case, the attackers targeted a well-established but little-known software firm that would give them access to hundreds of other environments, and the full extent of the damage is yet to be determined.
