Security researchers are warning that hackers are actively exploiting another high-risk vulnerability in a popular file transfer technology to launch mass hacks.
The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based enterprise software company Cleo, according to researchers at cybersecurity company Huntress.
The flaw was first disclosed by Cleo in a security advisory on October 30, which warned that exploitation could result in remote code execution. It affects Cleo’s LexiCom, VLTransfer, and Harmony tools, which are commonly used by enterprises to manage file transfers.
Cleo released a patch for the vulnerability in October, but in a blog post on Monday Huntress warned that the patch does not mitigate the software flaw.
Huntress security researcher John Hammond said the company has observed threat actors “exploiting this software en masse” since December 3. He added that Huntress — which protects more than 1,700 Cleo LexiCom, VLTransfer, and Harmony servers — has discovered at least 10 businesses whose servers were compromised.
“Victim organizations so far have included various consumer product companies, logistics and shipping organizations, and food suppliers,” wrote Hammond, adding that many other customers are at risk of being hacked.
Shodan, a search engine for publicly accessible devices and databases, lists hundreds of vulnerable Cleo servers, the majority of which are located in the U.S.
Cleo has more than 4,200 customers, including U.S. biotechnology company Illumina, sports footwear giant New Balance, and Dutch logistics firm Portable.
Huntress has not yet identified the threat actor behind these attacks, and it is not known whether any data has been stolen from affected Cleo customers. However, Hammond noted that the company has observed hackers performing “post-exploitation activity” after compromising vulnerable systems.
Cleo did not respond to TechCrunch’s questions and has not yet released a patch that protects against the flaw. Huntress recommends that Cleo customers move any internet-exposed systems behind a firewall until a new patch is released.
Enterprise file transfer tools are a popular target among hackers and extortion groups. Last year, the Russia-linked Clop ransomware gang claimed thousands of victims by exploiting a zero-day vulnerability in Progress Software’s MOVEit Transfer product. The same gang had previously taken credit for the mass exploitation of a vulnerability in Fortra’s GoAnywhere managed file transfer software, which was used to target more than 130 organizations.