Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack

December 10, 2024 at 08:44AM Huntress reports widespread exploitation of a vulnerability in Cleo file management products, affecting patched systems. The bug, CVE-2024-50623, allows remote code execution, impacting over 1,700 servers. At least ten customers are compromised, prompting Huntress to recommend firewall protection and other mitigations while awaiting an updated patch from Cleo. ### Meeting … Read more

Hackers Exploit Default Credentials in FOUNDATION Software to Breach Construction Firms

September 19, 2024 at 12:21PM Cybersecurity company Huntress has identified threat actors targeting the construction sector by infiltrating the FOUNDATION Accounting Software. Attackers use brute force to exploit default credentials, gaining access to plumbing, HVAC, concrete, and related sub-industries. To mitigate risk, it’s advised to rotate default credentials, avoid exposing the application over the public … Read more

Contractor Software Targeted via Microsoft SQL Server Loophole

September 18, 2024 at 05:09PM Threat actors have been targeting Foundation accounting software used in construction, exploiting vulnerabilities in plumbing, HVAC, and concrete sub-industries. Researchers at Huntress discovered the threat, involving host/domain enumeration commands. The software’s MSSQL instance allows mobile app access, potentially exposing TCP port 4243 to the public. Organizations are advised to rotate … Read more

Threat Actors Target Accounting Software Used by Construction Contractors

September 18, 2024 at 11:14AM Huntress warns of cyberattacks targeting Foundation Accounting Software, widely used in construction. Threat actors are brute forcing the application and exploiting default credentials, compromising organizations in various sub-industries. The attackers target MSSQL accounts, execute OS commands, and automate attacks. Only 33 publicly exposed hosts running the software with unchanged default … Read more