Risky Business

Risky Business #774 -- Cleo file transfer appliances under widespread attack

Dec 11, 2024
Jacob Torrey, an expert from Thinkst Canary, dives into the critical flaws in Cleo file transfer appliances and the ongoing exploitation by ransomware groups. He also discusses Snowflake's upcoming shift to mandatory multi-factor authentication to combat credential theft. With a focus on innovative cybersecurity techniques, Torrey reveals fascinating operating system tricks, including canary tokens that can trigger alarms in your environment. Plus, he delves into the complexities of enhancing security in Windows, keeping attackers at bay!
01:02:28

Podcast summary created with Snipd AI

Quick takeaways

  • Defending 'off the land' emphasizes leveraging existing Windows tools for improved visibility and security against intrusions.
  • Cleo file transfer appliances face significant risks due to a critical vulnerability, highlighting the urgency for proactive vulnerability management.

Deep dives

Defending Off the Land Concept

The podcast discusses the concept of 'defending off the land,' which revolves around utilizing existing tools and configurations in Windows environments to enhance security and visibility. This approach contrasts with the common strategy of attackers living off the land by exploiting resources already present in the system. By leveraging built-in features and customizing them, defenders can create alerts for suspicious behavior that typically goes unnoticed, such as the execution of specific commands indicative of an intrusion. The discussion introduces various practical techniques for implementing these defensive measures effectively without requiring heavy third-party software.
