Cleo Calls on Customers to Address Actively Exploited Vulnerability as Iran-Linked Threat Actor Unleashes New ICS Malware.

Cybersecurity Roundup: Key Developments in Vulnerabilities and Threats

Recent developments highlight why timely patching and active monitoring matter. From actively exploited vulnerabilities to state-linked intrusions, organizations must stay informed to protect their assets and data. Here is an overview of the most significant recent events.

Cleo Urges Customers to Patch Actively Exploited Vulnerability

Cleo, a file-transfer software company, has issued a strong warning to customers about an actively exploited vulnerability affecting its Harmony, VLTrader, and LexiCom products. The flaw lets unauthenticated attackers upload files and execute arbitrary commands on the host system. Cleo first patched it in October (tracked as CVE-2024-50623), but researchers at Huntress and others found the patch inadequate, with fully patched systems still being exploited, and Cleo has since released an updated fix tracked separately as CVE-2024-55956. Exploitation is widespread; in observed intrusions the attackers deploy a Java-based backdoor dubbed "Cleopatra" on compromised hosts after the initial exploit. Customers should upgrade to the latest release and, until they can, blank the Autorun directory setting that the exploit chain relies on to execute uploaded files.

Iran-Linked Threat Actor Deploys New ICS Malware

Researchers at Claroty have identified a new strain of IoT/OT malware named "IOCONTROL", attributed to Iran-linked attackers and used against devices in Israel and the United States. The malware has been used to compromise a range of IoT and SCADA/OT devices, including fuel management systems such as Orpak and Gasboy pumps. The attacks have raised alarms because of their potential impact on critical infrastructure, particularly in the energy sector, and because the malware was built to run across many vendors' embedded devices rather than a single product.

Chinese APT Abuses Visual Studio Code Tunnels for C2 Purposes

A report from SentinelOne describes a Chinese cyberespionage campaign that abused Visual Studio Code Remote Tunnels for command-and-control. The feature, designed for remote development, gives whoever holds the tunnel a terminal and filesystem access on the endpoint, and because the tunnel binary is signed by Microsoft and the traffic goes to Microsoft's own tunnel relay infrastructure, it blends in with legitimate developer activity. The campaign targeted large IT service providers in Southern Europe and was disrupted early in its execution. Defenders can look for the `code tunnel` command line being launched, especially by service accounts or from unusual paths, and for outbound connections to Microsoft's dev tunnel relay domains from hosts that have no developer on them.
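As an added illustration of the detection idea above (not code from the SentinelOne report), the following script runs two simple rules over constructed process-creation and network events: a process whose command line invokes `code tunnel` (raised to high severity when it is installed as a service or when the binary lives outside the normal VS Code install path), and an outbound connection to a dev tunnel relay domain. The log format, hostnames, paths and event contents are all made up for the example; the `devtunnels.ms` and `global.rel.tunnels.api.visualstudio.com` relay domains are assumed from VS Code's documented tunnel behaviour.

```python
import re

# Constructed sample telemetry in a simplified key=value format (not real logs).
SAMPLE_EVENTS = [
    r'type=process host=ws01 user=alice image="C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\Code.exe" cmdline="Code.exe --new-window"',
    r'type=process host=ws01 user=alice image="C:\Users\alice\AppData\Local\Programs\Microsoft VS Code\bin\code.exe" cmdline="code.exe tunnel --accept-server-license-terms --name build-box"',
    r'type=process host=srv02 user=svc_backup image="C:\ProgramData\code.exe" cmdline="code tunnel service install"',
    r'type=network host=srv02 process="code.exe" dest="global.rel.tunnels.api.visualstudio.com" port=443',
    r'type=network host=ws03 process="chrome.exe" dest="vscode.dev" port=443',
    r'type=network host=ws03 process="code.exe" dest="abc123.euw.devtunnels.ms" port=443',
]

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Matches "code tunnel ..." or "code.exe tunnel ..." anywhere in a command line.
TUNNEL_CMD_RE = re.compile(r'\bcode(?:\.exe)?\s+tunnel\b', re.IGNORECASE)
# Assumed relay domains used by VS Code Remote Tunnels.
TUNNEL_DOMAINS = ("devtunnels.ms", "global.rel.tunnels.api.visualstudio.com")
# An interactive VS Code install normally lives under a path containing this segment;
# a tunnel binary elsewhere (ProgramData, Temp, a share) deserves a closer look.
EXPECTED_IMAGE_DIRS = ("\\microsoft vs code\\",)


def parse_event(line):
    """Turn one key=value line into a dict, honouring double-quoted values."""
    return {k: (q if q else u) for k, q, u in KV_RE.findall(line)}


def analyze(lines):
    """Return a list of alerts for tunnel launches and relay connections."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("type") == "process" and TUNNEL_CMD_RE.search(ev.get("cmdline", "")):
            severity, reasons = "medium", ["VS Code tunnel started"]
            if "service install" in ev["cmdline"].lower():
                severity = "high"
                reasons.append("tunnel installed as a service (persistence)")
            image = ev.get("image", "").lower()
            if not any(d in image for d in EXPECTED_IMAGE_DIRS):
                severity = "high"
                reasons.append("tunnel binary outside the standard VS Code install path")
            alerts.append({"host": ev.get("host"), "user": ev.get("user"),
                           "severity": severity, "reasons": reasons})
        elif ev.get("type") == "network":
            dest = ev.get("dest", "").lower()
            if any(dest == d or dest.endswith("." + d) for d in TUNNEL_DOMAINS):
                alerts.append({"host": ev.get("host"), "user": None, "severity": "medium",
                               "reasons": [f"{ev.get('process')} connected to tunnel relay {dest}"]})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_EVENTS):
        print(alert)
```

In a real deployment the two rules should be correlated: a host that both launches `code tunnel` and talks to a relay domain, with no known developer logged on, is the case worth paging on, and the medium-severity single hits can be reviewed in bulk.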

Radiant Capital Attributes $50 Million Cryptocurrency Theft to DPRK Hackers

Radiant Capital, a decentralized finance protocol, has attributed a $50 million cryptocurrency theft to North Korean hackers. The intrusion began with social engineering: a developer opened a malicious archive, delivered over Telegram and posing as a PDF from a trusted former contractor, which installed a backdoor on the machine. From there the attackers manipulated what the protocol's transaction signers saw, so that transactions which looked legitimate in the signing interface actually handed over control of funds. The incident underscores the persistent threat posed by state-sponsored actors in the cryptocurrency space and the limits of multi-signature schemes when the signing front end itself cannot be trusted.

I-O Data Still Working on Patches for Two Router Zero-Days

Japanese device manufacturer I-O Data is still working on patches for two zero-day vulnerabilities in its UD-LT1 and UD-LT1/EX hybrid LTE routers. The flaws, which can disclose authentication information and allow arbitrary command execution, are being actively exploited. Until fixed firmware is available, the company advises customers to apply temporary mitigations: disable remote management from the internet, change default credentials, and restrict access to the device's management interface.

Nemesis and ShinyHunters Target Misconfigured Websites

Security researchers have uncovered a large-scale hacking operation by the Nemesis and ShinyHunters threat actors, who scanned misconfigured public websites for exposed configuration files and harvested the credentials inside them, including cloud access keys. The operation exposed sensitive data and credentials at scale, highlighting the risk of leaving environment and configuration files reachable from the web. It is a reminder for organizations to regularly audit their web applications for exposed secrets and to rotate any credential that was ever stored in a web-served directory.

Romanian Energy Company Hit by Ransomware

Electrica, a Romanian energy supplier, has fallen victim to a ransomware attack. The company is working with national cybersecurity authorities to manage the incident and limit its impact on electricity distribution. Electrica has confirmed that the attack was ransomware and says its critical systems were not affected, with protective measures taken on the rest of the estate while the investigation continues.

Researchers Describe Nova, a New Version of the Snake Keylogger

Researchers at ANY.RUN have identified Nova, a new variant of the Snake Keylogger. The malware is distributed through phishing emails and uses evasion techniques that make it harder for endpoint tools to spot. Once installed, Nova harvests sensitive information such as saved passwords and credit card details from the victim's browsers and applications, making it a threat to individuals and organizations alike.

Microsoft Patches Against Technique to Bypass Multifactor Authentication

Microsoft has addressed a weakness in its multifactor authentication (MFA) implementation, reported by researchers at Oasis Security under the name "AuthQuake", that allowed attackers to bypass MFA. The problem was not a flaw in the one-time codes themselves but the absence of an effective limit on how many codes could be tried: an attacker who already had a victim's password could open many verification sessions in parallel and guess the six-digit code by brute force, with each code staying valid for longer than the nominal 30-second step. Microsoft has since implemented stricter rate limits so that repeated failed attempts lock the account's MFA challenge for a period.
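The following added example (written for this page, not Oasis Security's or Microsoft's code) shows the general problem behind a bypass of this kind: an RFC 6238 TOTP verifier that accepts unlimited guesses next to one that tracks failures per account and locks the challenge, plus the arithmetic for how likely a brute-force attack is to succeed given the number of guesses and the size of the validity window. The secret, account name, attempt counts and lockout parameters are assumed values for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30
DIGITS = 6


def totp(secret: bytes, unix_time: int, step_offset: int = 0) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, 6 digits) for `unix_time`, shifted by `step_offset` steps."""
    counter = unix_time // STEP_SECONDS + step_offset
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"


def code_is_valid(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` neighbouring steps to tolerate clock drift."""
    return any(hmac.compare_digest(totp(secret, now, k), code)
               for k in range(-window, window + 1))


class UnthrottledVerifier:
    """Weak design: every failed guess is free, so the attacker simply keeps trying."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def verify(self, account: str, code: str, now: int) -> bool:
        return code_is_valid(self.secret, code, now)


class ThrottledVerifier:
    """Hardened: per-account failure counter; after `max_failures` within
    `lockout_seconds`, even a correct code is refused until the window expires."""

    def __init__(self, secret: bytes, max_failures: int = 5, lockout_seconds: int = 300):
        self.secret = secret
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = {}  # account -> timestamps of recent failed attempts

    def verify(self, account: str, code: str, now: int) -> bool:
        recent = [t for t in self.failures.get(account, []) if now - t < self.lockout_seconds]
        self.failures[account] = recent
        if len(recent) >= self.max_failures:
            return False  # locked out; a real system would also alert here
        if code_is_valid(self.secret, code, now):
            self.failures[account] = []
            return True
        recent.append(now)
        return False


def brute_force_success_probability(attempts: int, window: int = 1, digits: int = DIGITS) -> float:
    """P(at least one hit) when each guess can match any of the 2*window+1 valid codes."""
    valid_codes = 2 * window + 1
    return 1 - (1 - valid_codes / 10 ** digits) ** attempts


def simulate(verifier, account: str, secret: bytes, now: int, wrong_guesses: int) -> bool:
    """Send `wrong_guesses` codes that are certainly invalid, then the correct one;
    return whether the correct code was accepted (i.e. whether the account was protected)."""
    valid = {totp(secret, now, k) for k in (-1, 0, 1)}
    candidate, sent = 0, 0
    while sent < wrong_guesses:
        guess = f"{candidate:0{DIGITS}d}"
        candidate += 1
        if guess in valid:
            continue
        verifier.verify(account, guess, now)
        sent += 1
    return verifier.verify(account, totp(secret, now), now)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # assumed value, not a real seed
    now = 1_700_000_000
    for n in (1_000, 10_000, 100_000):
        print(f"{n:>7} guesses, window 0: {brute_force_success_probability(n, 0):.3f}"
              f"  window 1: {brute_force_success_probability(n, 1):.3f}")
    print("unthrottled protected:", not simulate(UnthrottledVerifier(secret), "alice", secret, now, 50))
    print("throttled protected:  ", not simulate(ThrottledVerifier(secret), "alice", secret, now, 50))
```

The probability function makes the two levers visible: widening the validity window multiplies the attacker's chance per guess, and the attempt count is what rate limiting caps. A lockout alone is not the whole fix if an attacker can open fresh sessions that each get their own counter, which is why the counter here is keyed by account rather than by session.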

Patch News

Microsoft's latest Patch Tuesday release fixed 71 vulnerabilities, including an actively exploited zero-day in the Windows Common Log File System driver (CVE-2024-49138), an elevation-of-privilege flaw of the kind routinely chained with an initial foothold to reach SYSTEM. Organizations should prioritize that update alongside the critical fixes in the same release.

Crime and Punishment

In a coordinated operation, Europol and partner agencies took down 27 popular booter and stresser platforms used to launch DDoS attacks and arrested three administrators. Separately, Belgian and Dutch authorities arrested eight suspects involved in large-scale phone phishing (vishing) operations that targeted victims across Europe. These actions show continued law enforcement pressure on DDoS-for-hire services and fraud rings.


Taken together, these events reinforce the basics: patch promptly, especially where exploitation is already confirmed, monitor for abuse of legitimate remote-access tooling, train staff against social engineering, and keep incident response plans current. Staying informed about the latest vulnerabilities and threat actor tactics is essential for maintaining a strong security posture.
