Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In December 2024, Arctic Wolf Labs observed a mass exploitation campaign involving Cleo Managed File Transfer (MFT) products for initial access. The execution chain involved an obfuscated PowerShell stager, a Java loader, and ultimately a Java-based backdoor, which we will refer to as Cleopatra. In this article we will provide insight into the execution chain in this campaign, obfuscated malicious payloads deployed, and surrounding threat intelligence context around these activities.

On December 11, 2024, Cleo released patches addressing the zero-day vulnerability recently observed in attacks targeting Cleo Managed File Transfer (MFT) products. This vulnerability allowed unauthenticated threat actors to import and execute arbitrary shell commands on Windows and Linux on affected devices by exploiting default settings of the Autorun directory. The fix is included in version 5.8.0.24, and is now available for Cleo Harmony, VLTrader, and Lexicom.

Did you know that 59% of organizations have been hit by ransomware, with Active Directory (AD) often being the primary target for attackers seeking credential theft and privilege escalation? With AD being basically the heart of enterprise IT from the permissions management and granting view, these ransomware threats automatically go against it and hence protecting them is pretty much important so to keep the organization safe.

For decades, we have all been warned to be appropriately skeptical of internet search engine results. Sadly, most people are not. Most people think that what Google, Bing, or Duck Duck Go brings back is heaven sent and can be trusted. It cannot. Results often include malicious links from search engine optimization (SEO) poisoning, where the attacker has been able to trick the search engine into returning its URL when a user searches for something.

Learn essential strategies for effective compliance management to ensure adherence to regulations and standards while mitigating risks and enhancing security.

How many questions does your organization need to answer about your endpoints every day, and how long does it typically take to get the answer? How often do these questions require an operator with great expertise to provide accurate answers? Do the questions feel like they are resulting in fire drills for your teams?

In a co-ordinated international effort, the law enforcement agencies of 15 countries have made the holiday season a little less stressful for companies and consumers - by seizing control of some of the internet's most popular DDoS-for-hire services. Operation PowerOFF has disrupted what was anticipated to be a surge of distributed denial-of-service (DDoS) attacks over the Christmas period by taking over two dozen "booter" or "stresser" websites offline.