Cybersecurity researchers are warning that vulnerabilities in a number of file transfer products are being exploited by hackers, even after a patch was released by the developer.
The vulnerability — CVE-2024-50623 — was recently patched by software developer Cleo and affects the company's LexiCom, VLTransfer and Harmony products. However, researchers at cybersecurity firm Huntress say the patch "does not mitigate the software flaw," and that they have seen threat actors exploiting the bug "en masse" over the past week.
"This vulnerability is being actively exploited in the wild and fully patched systems running 5.8.0.21 are still exploitable," Huntress said. "We strongly recommend you move any internet-exposed Cleo systems behind a firewall until a new patch is released."
A Cleo spokesperson confirmed that they identified a critical vulnerability in instances of Cleo Harmony, VLTrader and LexiCom products.
"Promptly upon discovering the vulnerability, we launched an investigation with the assistance of outside cybersecurity experts, notified customers of this issue and provided mitigation steps customers should immediately take to address the vulnerability while a patch is under development," the spokesperson said.
"Our investigation is ongoing. Customers are encouraged to check Cleo's security bulletin webpage regularly for updates."
Huntress incident responders said they have seen at least 10 businesses using Cleo that have been compromised, adding that there was an uptick in exploitation starting on December 8.
"After some initial analysis, however, we have found evidence of exploitation as early as December 3. The majority of customers that we observed compromised deal with consumer products, food industry, trucking, and shipping industries," the company explained.
"There are still a number of other companies outside of our immediate view who are likely compromised as well."
Huntress has spoken to Cleo about its findings and confirmed that Cleo is creating a new CVE that will likely be patched by the middle of the week. Huntress also published detailed technical information about how incident responders can find evidence of exploitation and more.
Cybersecurity expert Kevin Beaumont said Cleo initially published a paywalled advisory for customers about the issue before releasing a more limited version publicly on Tuesday.
Beaumont noted that Termite ransomware group operators have been seen exploiting the vulnerability. The group made headlines last week for its attack on a prominent software company used by dozens of major retailers.
Incident responders at cybersecurity firm Rapid7 confirmed Huntress' findings and said they have seen exploitation of the issue in the environments of their customers.
File transfer tools have become one of the most common targets for hackers, and several of the largest data theft campaigns have been traced back to popular products like MOVEit, GoAnywhere and Accellion.