Cleo File Transfer Software Faces Renewed Zero-Day Exploits

TL;DR Summary
Hackers are exploiting a high-risk vulnerability, CVE-2024-50623, in Cleo's file transfer tools LexiCom, VLTrader, and Harmony, despite a patch released in October. Huntress researchers report mass exploitation since December 3, with at least 10 businesses compromised, including consumer product and logistics companies. Cleo has not responded to inquiries or released a fully effective patch, prompting recommendations to place vulnerable systems behind a firewall. The incident highlights ongoing risks in enterprise file transfer tools, similar to past attacks on MOVEit Transfer and GoAnywhere software.
- Hackers are exploiting a flaw in popular file-transfer tools to launch mass hacks, again (TechCrunch)
- New Cleo zero-day RCE flaw exploited in data theft attacks (BleepingComputer)
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (The Register)
- Cleo File Transfer Vulnerability Under Active Exploitation – Urgent Updates Required (The Hacker News)
- Attackers exploit vulnerability in Cleo file transfer software (TechTarget)