#CleoSecurity

Cleo patches critical zero-day exploited in data theft attacks

by

December 12, 2024 at 12:09PM Cleo has released urgent security patches for a zero-day vulnerability in its LexiCom, VLTransfer, and Harmony software, actively exploited in data theft attacks linked to the Termite ransomware gang. Customers are advised to upgrade to version 5.8.0.24 to enhance security and mitigate risks from these breaches. ### Meeting Takeaways 1. … Read more

Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises

by

December 10, 2024 at 09:48AM Huntress warned of an exploited vulnerability (CVE-2024-50623) in Cleo’s file transfer products, affecting over 1,700 servers, mostly in consumer and shipping sectors. Despite a patch, it failed to secure systems, allowing unauthorized access and persistent threats. Cleo plans to release a new patch shortly. **Meeting Takeaways:** 1. **Vulnerability Identified**: Huntress … Read more