Ich mag Rätsel und manche besonders…
Zu einem ganz besonderem haben @evawolfangel und ich zwei spannende Storyfolgen aufgenommen.
.
#Cleo - Das Mathemysterium… Eine geheimnisvolle Userin in einem Mathe-Forum die in kürzester Zeit, die schwersten Aufgaben zu lösen scheint.
.
Wer dahinter steckt treibt die Mathecommunity mehr als zehn Jahre um. Heute gibt’s die Auflösung. Schreibt uns, wie es euch gefallen hat.
Recent searches
Search options
#cleo
0 posts0 participants0 posts today
Continued thread
Cl0p have started publishing the stolen Cleo MFT data. Have confirmed with one of the victim orgs it came from their Cleo server. #cleo #threatintel #ransomware
#Clop #ransomware gang names dozens of victims hit by #Cleo mass-hack, but several firms dispute breaches
TechCrunch · Clop ransomware gang names dozens of victims hit by Cleo mass-hack, but several firms dispute breaches | TechCrunchThe Russia-linked ransomware group is threatening to leak data stolen from almost 60 Cleo Software customers if ransoms aren't paid
"Hiring a human money manager can easily cost a few thousand dollars, so more people, especially younger users, are turning to AI tools for advice. From Apple’s top charts of free finance apps, I decided to try two well-reviewed options offering up chatbots intended to fix money woes: Cleo AI and Bright.
Both Cleo AI and Bright encourage users to connect their bank account to the app through a third-party service called Plaid. This allows the chatbots to break down spending habits, help users pay off debt, and build credit. “Using the bank data and what you've said to us, Cleo will be your kind of confidant or coach,” says Barney Hussey-Yeo, the company’s CEO and founder. “She'll provide the right advice and the right products to help you make better financial decisions.”
Fair enough, but some of the guidance Cleo gave me veered from that path. While it had engaging moments, like an amicable roast highlighting where I overspent in unnecessary ways, the generative AI tool seemed mainly preoccupied with using my personal data for upselling opportunities. Bright was the same."
https://www.wired.com/story/ai-financial-advisers-apps-chatbots/
WIRED · AI Financial Advisers Target Young People Living Paycheck to Paycheck
Hero collector Space battler. FREE DEMO available on steam!!! http://store.steampowered.com/app/3106150/El #indiegamedev #throwbackthursday #faker #kadokawa #overwatch2sweepstakes #AstroBot #switch2 #cleo
Full Rapid7 analysis of #Cleo CVE-2024-55956 now available c/o @stephenfewer. It's neither a patch bypass of CVE-2024-50623 nor part of a chain after all — totally new bug, different exploitation strategies across the two issues (though the same endpoint gets used either way).
I'm not sure it's been mentioned much yet that Cleo evidently released IOCs related to CVE-2024-50623 in October 2024, implying the older bug's been exploited for a minute. Would sure be helpful to know more about who was doing that exploiting, particularly now that Cl0p has claimed credit for last week's attack.
https://attackerkb.com/topics/geR0H8dgrE/cve-2024-55956/rapid7-analysis
CISA added Cleo to the KEV. That might be old news, I had a day.
Cybersecurity and Infrastructure Security Agency CISACISA Adds One Known Exploited Vulnerability to Catalog | CISA
Continued thread
CISA have added the new CVE for the Cleo zero day to KEV.
MastodonCISA KEV Tracker (@cisakevtracker@mastodon.social)CVE ID: CVE-2024-50623
Vendor: Cleo
Product: Multiple Products
Date Added: 2024-12-13
Vulnerability: Cleo Multiple Products Unrestricted File Upload Vulnerability
Notes: https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update ; https://nvd.nist.gov/vuln/detail/CVE-2024-50623
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2024-50623
Continued thread
Had the threat actor gone more slowly and hit orgs prone to cover ups (ie large enterprises) that would have been a very different outcome.
The smaller Managed Detection and Response vendors have the window to do something very funny and talk about things rather than doing a CrowdStrike, MS etc and doing a cover up - it breaks the race to the bottom, and is one area where the market is getting healthier.
Continued thread
I think the Cleo thing shows the industry and community working very well, btw.
From zero day in an MFT product to approx 2/3rd of servers now offline or patched in days. As far as I know, since mass exploitation began (important caveat) none of the victims had follow on activity, ie ransomware.
That’s a really good outcome. The reason, I think, is openness and transparency - Huntress went public early and everybody leaped on it loudly in the community. Be more open.
Continued thread
Another write up on the Cleo zero day: https://arcticwolf.com/resources/blog/cleopatras-shadow-a-mass-exploitation-campaign/
Arctic Wolf · Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software - Arctic WolfKey Takeaways Cleo MFT products were exploited by threat actors to deploy a malicious PowerShell stager, culminating in the execution of a Java-based backdoor we are dubbing Cleopatra. The campaign began on 7 December 2024, and is ongoing as of the publication of this article. The Cleopatra backdoor supports in-memory file storage and is designed ... Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software
Continued thread
A writeup on the Cleo vulnerabilities, which are under mass exploitation now. Write any file into any folder by using path=..\..\..\ - since it's a webapp, just drop a webshell.
Continued thread
Sophos says they have seen 50+ systems with Cleo enterprise file transfer product zero day exploitation. Huntress say 28+ customers so far. Rapid7 haven’t given numbers.
Continued thread
"In an emailed statement given to TechCrunch, Jorge Rodriguez, SVP of product Development at Cleo, said that a patch for the critical vulnerability is “under development.”
TechCrunch · Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again | TechCrunchThreat actors are exploiting a high-risk bug in Cleo software - and Huntress warns that fully-patched systems are vulnerable
Continued thread
After my toot Cleo have issued a public advisory, they're saying versions up to 5.8.0.23 (not out yet) are impacted.
In terms of threat intel, the ransomware operators I know of only have an exploit for the Windows versions, not Linux.
https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Advisory-CVE-Peding
Continued thread
Rapid7 say "As of December 10, Rapid7 MDR has confirmed successful exploitation of this issue in customer environments; similar to Huntress, our team has observed enumeration and post-exploitation activity and is investigating multiple incidents." https://www.rapid7.com/blog/post/2024/12/10/etr-widespread-exploitation-of-cleo-file-transfer-software-cve-2024-50623/
Continued thread
Cleo have issued a (paywalled) advisory about the zero day, saying a new CVE number is being allocated.
Continued thread
i would fully pull the plug on impacted Cleo products until there's vendor clarity btw
Shodan dork (not exhaustive) - the Windows ones are a particular problem in terms of ransomware.
https://beta.shodan.io/search?query=http.html_hash%3A1534766930