December 10, 2024 at 09:48AM
Huntress warned of an exploited vulnerability (CVE-2024-50623) in Cleo’s file transfer products, affecting over 1,700 servers, mostly in the consumer and shipping sectors. The patch Cleo released did not fully fix the flaw, leaving systems open to unauthorized access and persistent threats. Cleo plans to release a new patch shortly.
**Meeting Takeaways:**
1. **Vulnerability Identified**: Huntress reported an exploited vulnerability (CVE-2024-50623) in Cleo’s file transfer products, impacting Harmony, VLTrader, and LexiCom.
2. **Improperly Patched Issue**: Cleo had released version 5.8.0.21 to address this vulnerability, but it failed to patch the issue adequately.
3. **Active Exploitation**: Threat actors have actively exploited this vulnerability, particularly since December 3, with a noticeable increase in attack attempts observed on December 8.
4. **Affected Organizations**: At least 10 businesses have been compromised, with attacks noted against approximately 1,700 servers. Most compromised customers are from the consumer products, food, trucking, and shipping industries.
5. **Security Firms’ Involvement**: Rapid7 has confirmed similar exploitation activities, including post-exploitation behaviors.
6. **Mitigation Efforts**: Huntress has published indicators of compromise (IoCs) for detection, along with prevention recommendations, to help organizations defend against the attacks.
7. **Cleo’s Response**: Cleo is reportedly working on a new patch expected to be released mid-week, which will come with a new CVE identifier.
8. **Advisory Updates**: Cleo updated its advisory with mitigation recommendations, accessible only to logged-in users.
9. **Further Information Pending**: SecurityWeek will provide updates if Cleo comments on the situation.
10. **Historical Context**: The incident recalls the MOVEit hack that exploited a zero-day vulnerability to compromise numerous organizations, highlighting the potential scale of the threat.