Cyber Security Blog

Dive with us into the world of hackers, data espionage, and attack defense - several times a week for free!

Often, an unpatched vulnerability or a phishing email is enough for cybercriminals to gain access to your network. Because the intruders are after valuable assets such as sensitive data or critical systems, the attacker first secures persistent access to the network. Often undetected, he then moves away from the original entry point and penetrates deeper and deeper into the compromised network until the actual target is reached. This technique is called "lateral movement", the sideways movement through a company network, and it can cause great damage. It is therefore all the more important that you are able to identify and stop attackers promptly.
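One concrete way to spot the pattern described above is to look for a single account performing network logons to many different hosts in a short time. The following is an added example, not code from the original article or from Allgeier secion: it reads constructed Windows Security 4624 events in an assumed CSV layout (the field names and sample lines are made up for illustration) and flags accounts whose logon-type-3 fan-out exceeds a threshold within a sliding window.

```python
"""Flag lateral-movement-like authentication fan-out from logon events.

Added example, not from the original article. The CSV layout, field names
and the sample lines below are constructed for illustration. Windows
Security event 4624 with logon type 3 (network logon) is the signal: one
account reaching many distinct hosts within a short window is a classic
lateral-movement pattern.
"""
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, event id, logon type, account,
# source IP, destination host.
SAMPLE_LOG = """\
timestamp,event_id,logon_type,account,src_ip,dst_host
2023-02-14T08:01:10,4624,2,CORP\\alice,10.0.5.21,WS-ALICE
2023-02-14T08:02:44,4624,3,CORP\\alice,10.0.5.21,FS01
2023-02-14T09:15:03,4624,3,CORP\\svc-backup,10.0.9.7,FS01
2023-02-14T09:15:09,4624,3,CORP\\svc-backup,10.0.9.7,FS02
2023-02-14T09:15:12,4624,3,CORP\\svc-backup,10.0.9.7,DC01
2023-02-14T09:15:20,4624,3,CORP\\svc-backup,10.0.9.7,WS-BOB
2023-02-14T09:15:31,4624,3,CORP\\svc-backup,10.0.9.7,WS-CAROL
2023-02-14T09:16:02,4624,3,CORP\\svc-backup,10.0.9.7,SQL01
2023-02-14T12:40:00,4624,3,CORP\\bob,10.0.5.33,FS01
2023-02-14T13:05:00,4624,3,CORP\\bob,10.0.5.33,PRINT01
"""


def parse_events(text):
    """Parse CSV text into dicts with a datetime timestamp; keep only 4624 rows."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        if row["event_id"] != "4624":
            continue
        row["timestamp"] = datetime.fromisoformat(row["timestamp"])
        row["logon_type"] = int(row["logon_type"])
        events.append(row)
    return events


def find_fanout(events, window=timedelta(minutes=10), threshold=5):
    """Return {account: sorted hosts} for accounts whose network logons
    (type 3) reach at least `threshold` distinct hosts inside any `window`.

    Interactive logons (type 2) are ignored: a user sitting at one
    workstation is not moving sideways.
    """
    per_account = defaultdict(list)
    for e in sorted(events, key=lambda e: e["timestamp"]):
        if e["logon_type"] == 3:
            per_account[e["account"]].append((e["timestamp"], e["dst_host"]))

    hits = {}
    for account, logons in per_account.items():
        best = set()
        start = 0
        for end in range(len(logons)):
            # Advance the window start so logons[start..end] span at most `window`.
            while logons[end][0] - logons[start][0] > window:
                start += 1
            hosts = {host for _, host in logons[start:end + 1]}
            if len(hosts) > len(best):
                best = hosts
        if len(best) >= threshold:
            hits[account] = sorted(best)
    return hits


if __name__ == "__main__":
    for account, hosts in find_fanout(parse_events(SAMPLE_LOG)).items():
        print(f"possible lateral movement: {account} -> {', '.join(hosts)}")
```

In the constructed sample only the service account trips the rule; the two ordinary users touch one or two hosts each. Tune `window` and `threshold` against a baseline of your own environment, since backup and vulnerability-scanning accounts legitimately fan out and need an allow-list rather than a lower threshold.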

Cobalt Strike is a commercial program developed by Strategic Cyber LLC and used primarily by IT companies and security experts. It simulates cyber attacks in penetration tests so that vulnerabilities in networks can be identified before hackers exploit them. Despite the manufacturer's security precautions, however, cyber criminals also manage to get hold of what is actually a legitimate security tool and misuse it for malicious purposes. In this article, we take a closer look at how Cobalt Strike works, show why cyber criminals are increasingly using the tool, and explain what IT security managers need to do now to protect their systems.

The artificial intelligence (AI)-powered chatbot ChatGPT from OpenAI can compose texts, conduct dialogues and write program code. The bot thus has enormous potential to make our lives easier in the future. But hackers can also exploit ChatGPT for their criminal purposes, using the AI to create phishing emails, scams or malware. Writing malicious code no longer even requires programming skills. Although the malware generated so far appears to be relatively simple and used only for testing purposes, this could change quickly. Darknet forums are already discussing how ChatGPT's access restrictions can be circumvented.

Patch Tuesday for February 2023 is here. Microsoft has released patches for 75 CVEs, including three actively exploited zero-day vulnerabilities (CVE-2023-21715, CVE-2023-23376, CVE-2023-21823) that should be applied urgently; in the worst case they allow malware to run with SYSTEM privileges.

The IT Security Act 2.0 (IT-SiG) has introduced new obligations for operators of critical infrastructures and energy supply networks. Among them is the use of an attack detection system (SzA), which must be proven to the Federal Office for Information Security (BSI) from 1 May 2023. With the Active Cyber Defense (ACD)-KRITIS, Allgeier secion offers a managed detection and response service that is already implemented and operational within 6 weeks!

Criminals are currently exploiting a critical vulnerability in VMware's "ESXi" virtualization platform to deploy malicious code and encrypt virtual hard disks. According to media reports, hundreds of companies and institutions in Germany alone could be affected. The vulnerability has been known for two years - and patched. IT security managers should urgently install the security update published by the manufacturer to prevent their systems from being compromised.