Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Arctic Wolf

Cleopatra's Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software

Dec 12, 2024 By Stefan Hostetler, Julian Tuin, Aaron Diaz, Jon Grimm, and Cole Bosma In Arctic Wolf
In December 2024, Arctic Wolf Labs observed a mass exploitation campaign involving Cleo Managed File Transfer (MFT) products for initial access. The execution chain involved an obfuscated PowerShell stager, a Java loader, and ultimately a Java-based backdoor, which we will refer to as Cleopatra. In this article we will provide insight into the execution chain in this campaign, obfuscated malicious payloads deployed, and surrounding threat intelligence context around these activities.
Read Post
trilio

Cold Data Storage: How to Optimize Your Data Storage Strategy

Dec 12, 2024 By David Safaii In Trilio
Organizations face mounting pressure as their data storage needs multiply each year. The challenge lies in managing vast amounts of information that must be preserved but rarely sees active use. Cold data storage offers a smart solution for storing this infrequently accessed data while keeping costs under control. Cold storage systems excel at housing compliance archives, historical records, and backup files, all while maintaining accessibility when these assets are needed.
Read Post
Trustwave

Analyzing Salt Typhoon: Telecom Attacker

Dec 12, 2024 By Trustwave In Trustwave
Salt Typhoon is a Chinese-speaking threat actor that the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have tied to a series of attacks that breached and exfiltrated data from several of the world's most prominent telecommunications companies. Trustwave SpiderLabs has created a deep analysis of the threat group Salt Typhoon, detailing the group's history, techniques, tactics, and procedures (TTP), and preferred targets.
Read Post

Securing Infrastructure Access at Scale in Large Enterprises

Dec 12, 2024 By Teleport In Teleport
The complexity and scale of computing infrastructure has exploded in recent years. In larger organizations, managing access, identities, and policies for people and machines to securely access diverse infrastructure resources – such as physical machines and servers, clouds, software apps, services, APIs – is a daunting task. The larger the organization, the more costly and difficult it becomes to wrangle the complexity of this infrastructure in a way that is secure, efficient, and resilient.
View Video
upguard

What is Cyber Threat Detection and Response?

Dec 12, 2024 By Edward Kost In UpGuard
To compete in an era of dynamic, multimodal cyberattacks, cybersecurity programs must become multidimensional, capable of simultaneously contending with a wide range of cyber threats. In this post, we explain how your organization can develop such a multipronged approach with a branch of cybersecurity known as cybersecurity threat detection.
Read Post
sumologic

Unique approaches to MITRE ATT&CK-make the most of its potential

Dec 12, 2024 By Christopher Beier In Sumo Logic
Cybersecurity frameworks often feel as exciting as tax codes and instruction manuals, useful but not exactly captivating. Yet, the MITRE ATT&CK framework has managed to capture the attention of security professionals worldwide by mapping out adversary tactics, techniques, and procedures (TTPs). Many organizations don’t operationalize MITRE ATT&CK’s potential fully, using the framework in predictable ways. But it doesn’t have to be that way.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.