WK Kellogg confirms employee data breach tied to Cleo file-transfer flaw
This story was originally published on Cybersecurity Dive. To receive daily news and insights, subscribe to our free daily Cybersecurity Dive newsletter.
WK Kellogg Co. confirmed that at least one employee was affected in a December hack related to a vulnerability in Cleo file-transfer software, according to a regulatory filing with the Maine Attorney General's office.
The Michigan-based breakfast cereal company said Cleo servers, which were used to transfer employee files, were hacked on Dec. 7. WK Kellogg said it first learned of the hacking incident on Feb. 27.
The breached data included the name and Social Security number of one employee based in Maine. However, it is not immediately known if the personal data of other employees was also breached.
As previously reported, critical flaws in Cleo file-transfer software came under mass exploitation in December.
Cleo originally released a patch in October 2024 to address an unrestricted file upload and download vulnerability, tracked as CVE-2024-50623, in Cleo Harmony, VLTrrader and LexiCom file-transfer products.
However, security researchers found the patch did not offer adequate protection from hacking.
A second vulnerability, tracked as CVE-2024-55956, was discovered in December; it allows unauthenticated users to import or execute arbitrary bash or PowerShell commands.
Researchers from Arctic Wolf said in December that Cleo MFT products were being exploited as part of an effort to deploy Java-based backdoors.
'At the time of publication, the motivations of the threat actors had not been fully elucidated,' a spokesperson for Arctic Wolf said via email. 'Since then, [Clop] has published a message on their leak site claiming responsibility for some of the ransomware threat activity targeting organizations running Cleo products.'
Researchers at Mandiant traced a cluster of malicious activity to a threat actor tracked as FIN11, which overlaps with the Clop ransomware gang. Clop is most widely known as the group linked to the widespread attacks on MOVEit file-transfer software in 2023.
Just last week, Sam's Club said it was investigating a potential attack after Clop referenced the company on its leak site.
A spokesperson for WK Kellogg was not immediately available for comment.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
UPI
37 minutes ago
- UPI
ISIS claims responsibility for 2 bomb explosions in Syria
ISIS forces in a remote region in southern Syria claimed responsibility for two bombings targeting vehicles carrying soldiers and others on Wednesday and Thursday. Photo by Fayyaz Ahmad/EPA-EFE May 31 (UPI) -- The Islamic State claimed responsibility for two bomb attacks in a remote region in southern Syria on Wednesday and Thursday. The twin bombings mark the first time ISIS has attacked the new Syrian government that took power in December and occurred in the remote Sweida Province. ISIS posted two online statements on Thursday claiming responsibility for the bombings that killed and wounded Syrian soldiers and militia members who are allied with the Syrian government, The New York Times reported. An attack occurred on Wednesday and struck a Syrian Army reconnaissance group that was tracking ISIS activities in the remote desert area, CNN reported. Those wounded in that attack are members of the Syrian Army's 70th Division, and the man who died was assisting the soldiers, according to Tthe New York Times. ISIS used a remote-controlled land mine to target the vehicle in which they were traveling, the British-based Syrian Observatory for Human Rights announced. That attack occurred in the eastern portion of the Sweida Province and was the first attack carried out by ISIS and targeting forces allied with the new Syrian government. A second bombing occurred on Thursday in the same region, according to news reports and ISIS. ISIS said it killed and injured seven soldiers for the "apostate Syrian regime" by using an explosive device on a road in the Talul al Safa area in the Suwayda province in southern Syria, Al Jazeera reported. Both attacks occurred near Sweida in southern Syria, which is a mountainous desert area in which ISIS has operated for many years. Neither the Syrian government nor the Free Syrian Army has commented on either bombing. The United States backs the Free Syrian Army, which operates in the Sweida region's al Tanf Deconfliction Zone that is located near Syria's borders with Egypt and Jordan. The United States maintains a small outpost in the area. ISIS also has operated in the area for a long time due to its "extremely rugged and dangerous" terrain, CNN reported. Earlier this month, U.S. President Donald Trump said he he was lifting "crippling" U.S. sanctions on Syria originally imposed to block flows of money into Syria, including aid, to put pressure on the brutal regime of ousted President Bashar al-Assad. He met with the country's transitional leader, President Ahmed al-Sharaa, in Riyadh, Saudi Arabia on May14. Al-Sharaa, who was appointed president in January, has promised to hold elections once a new constitution is in place in around four years.
Yahoo
40 minutes ago
- Yahoo
German chancellor to travel to US to meet with Trump
German Chancellor Friedrich Merz will travel to Washington next week for his first visit since taking office, where he is scheduled to meet with US President Donald Trump. Source: Politico, a Brussels-based politics and policy news organisation, citing the German government press service, as reported by European Pravda Details: Merz will travel to the US on 4 May for his first visit under the new German government. His meeting with Trump is set for Thursday 5 June, followed by a joint press conference. At the meeting with Trump, they will discuss the Russo-Ukrainian war, the situation in the Middle East and trade issues. Background: Merz has repeatedly engaged in public disputes with the US administration, particularly after criticism from Secretary of State Marco Rubio and Vice President JD Vance regarding the classification of the far-right Alternative for Germany party as right-wing extremist. Merz stressed that neither Germany nor he personally interfered in the US election campaign or supported any candidate, and he expects the same attitude from the American administration. This week, the German chancellor stated that Europe is ready to fight for its fundamental values – freedom and democracy – thus responding to repeated criticism of the EU by the Trump administration and, in particular, Vice President Vance's infamous speech at the Munich Security Conference. Support Ukrainska Pravda on Patreon!
Yahoo
40 minutes ago
- Yahoo
Norfolk-based USS Gravely captures hundreds of pounds of cocaine worth over $13 million
The Norfolk-based USS Gravely last week seized more than 850 pounds of narcotics while in the Caribbean Sea. The ship's search and seizure team had boarded a 'vessel of interest' on May 25 and found 19 bales of cocaine, according to a news release from the Navy. A spokesperson for the Navy said the drugs had a street value of $13.6 million. 'Seamless integration of U.S. Navy and U.S. Coast Guard maritime assets (are) integral to border protection — this is an excellent example of that teamwork,' said Vice Adm. Doug Perry, commander of the U.S. 2nd Fleet. 'Border security is national security.' The USS Gravely has been in the gulf since March 15 and works with Coast Guard personnel to target drug trafficking, illegal immigration and transnational crime.
