Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Cleo Releases Patches for Cleo MFT Zero-day Vulnerability

On December 11, 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products. This vulnerability allowed unauthenticated threat actors to import and execute arbitrary shell commands on Windows and Linux on affected devices by exploiting default settings of the Autorun directory. The fix is included in version 5.8.0.24, and is now available for Cleo Harmony, VLTrader, and Lexicom.

Cleopatra's Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software

In December 2024, Arctic Wolf Labs observed a mass exploitation campaign involving Cleo Managed File Transfer (MFT) products for initial access. The execution chain involved an obfuscated PowerShell stager, a Java loader, and ultimately a Java-based backdoor, which we will refer to as Cleopatra. In this article we will provide insight into the execution chain in this campaign, obfuscated malicious payloads deployed, and surrounding threat intelligence context around these activities.

Cold Data Storage: How to Optimize Your Data Storage Strategy

Organizations face mounting pressure as their data storage needs multiply each year. The challenge lies in managing vast amounts of information that must be preserved but rarely sees active use. Cold data storage offers a smart solution for storing this infrequently accessed data while keeping costs under control. Cold storage systems excel at housing compliance archives, historical records, and backup files, all while maintaining accessibility when these assets are needed.

Analyzing Salt Typhoon: Telecom Attacker

Salt Typhoon is a Chinese-speaking threat actor that the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have tied to a series of attacks that breached and exfiltrated data from several of the world's most prominent telecommunications companies. Trustwave SpiderLabs has created a deep analysis of the threat group Salt Typhoon, detailing the group's history, techniques, tactics, and procedures (TTP), and preferred targets.

Securing Infrastructure Access at Scale in Large Enterprises

The complexity and scale of computing infrastructure has exploded in recent years. In larger organizations, managing access, identities, and policies for people and machines to securely access diverse infrastructure resources – such as physical machines and servers, clouds, software apps, services, APIs – is a daunting task. The larger the organization, the more costly and difficult it becomes to wrangle the complexity of this infrastructure in a way that is secure, efficient, and resilient.

What is Cyber Threat Detection and Response?

To compete in an era of dynamic, multimodal cyberattacks, cybersecurity programs must become multidimensional, capable of simultaneously contending with a wide range of cyber threats. In this post, we explain how your organization can develop such a multipronged approach with a branch of cybersecurity known as cybersecurity threat detection.

Unique approaches to MITRE ATT&CK-make the most of its potential

Cybersecurity frameworks often feel as exciting as tax codes and instruction manuals, useful but not exactly captivating. Yet, the MITRE ATT&CK framework has managed to capture the attention of security professionals worldwide by mapping out adversary tactics, techniques, and procedures (TTPs). Many organizations don’t operationalize MITRE ATT&CK’s potential fully, using the framework in predictable ways. But it doesn’t have to be that way.