Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Security researchers warn that hackers are actively exploiting another high-risk vulnerability in a popular file transfer technology to launch mass hacks.
The vulnerability, tracked as CVE-2024-50623, affects software developed by Cleo, an enterprise software company based in Illinois, according to researchers at cybersecurity company Huntress.
The flaw was first disclosed by Cleo in a security advisory on October 30, which warned that exploitation could lead to remote code execution. It affects Cleo's LexiCom, VLTransfer and Harmony tools, which businesses use to manage file transfers.
Cleo released a patch for the vulnerability in October, but in a blog post on Monday, Huntress warned that the patch does not mitigate the software flaw.
Huntress security researcher John Hammond said the company has seen threat actors “using this software in large numbers” since December 3. He added that Huntress, which protects over 1,700 Cleo LexiCom, VLTransfer and Harmony servers, has discovered at least 10 businesses whose servers were compromised.
“Victim organizations so far have included a variety of consumer products companies, logistics and shipping organizations, and food suppliers,” Hammond said, adding that many other customers were at risk of being hacked.
Shodan, a search engine for publicly available devices and databases, lists hundreds of vulnerable Cleo servers, most of which are located in the United States.
Cleo has more than 4200 customers, including US biotech company Illumina, sneaker giant New Balance and Dutch logistics firm Portable.
Huntress has not yet identified the threat actor behind these attacks, and it is unknown if any data from affected Cleo customers was stolen. However, Hammond noted that the company has observed hackers carrying out “post-exploit activity” after compromising vulnerable systems.
Cleo did not respond to TechCrunch’s questions and has yet to release a patch to protect against the flaw. Huntress recommends that Cleo customers move any internet-exposed systems behind a firewall until a new patch is released.
Enterprise file transfer tools are a popular target for hackers and extortion groups. Last year, the Russian-linked Clop ransomware network claimed thousands of victims by exploiting a zero-day vulnerability in Progress Software’s MOVEit Transfer product. The same gang had previously taken credit for the mass exploitation of a vulnerability in Fortra’s GoAnywhere managed file transfer program, which was used to target over 130 organizations.