December 12, 2024 at 06:08AM Cleo has updated its Harmony, VLTrader, and LexiCom file transfer tools to address a critical vulnerability (CVE-2024-50623) affecting several industries. The flaw allows unpatched systems to be exploited for file access and remote code execution. Security firms are analyzing related malware linked to ongoing attacks, suggesting widespread exploitation. ### Meeting … Read more
December 10, 2024 at 04:05PM The ransomware group “Termite” is exploiting a recently disclosed vulnerability (CVE-2024-50623) in Cleo’s file transfer software, impacting multiple sectors. Although Cleo is developing a new patch, existing versions, including the patched one, remain vulnerable. Researchers advise immediate protective measures for exposed systems until a fix is released. ### Meeting Takeaways: … Read more
December 10, 2024 at 11:48AM Users of Cleo-managed file transfer software are urged to secure their systems due to exploitation of a remote code execution vulnerability (CVE-2024-50623). Despite patches, the issue persists, affecting products like Cleo Harmony and VLTrader. At least 10 companies have been compromised, with evidence of ransomware involvement. ### Meeting Takeaways – … Read more
December 10, 2024 at 09:48AM Huntress warned of an exploited vulnerability (CVE-2024-50623) in Cleo’s file transfer products, affecting over 1,700 servers, mostly in consumer and shipping sectors. Despite a patch, it failed to secure systems, allowing unauthorized access and persistent threats. Cleo plans to release a new patch shortly. **Meeting Takeaways:** 1. **Vulnerability Identified**: Huntress … Read more