Updating Software: Cleo rolls out a new patch as menacing groups intensify their exploitation of critical vulnerabilities (CVE)
In a recent development, cybersecurity firm Huntress has identified a zero-day vulnerability in Cleo Harmony, VLTrader, and LexiCom file transfer products. This vulnerability allows an unauthenticated user to import and execute arbitrary bash or PowerShell commands, posing a serious security risk.
Initially, Huntress found at least 10 organizations infected with the vulnerability, but the number has since grown. The research team at Huntress, led by Principal Security Researcher John Hammond, first disclosed the exploitation and raised concerns about the patch on Monday.
Sophos reports that nearly all affected customers have a branch operating within North America, with a majority of the targeted companies being retail organizations. Researchers at Rapid7 are currently investigating multiple incidents related to the vulnerability and have observed enumeration and post-exploitation activity.
Cleo, the manufacturer of the affected products, has released a new patch on Wednesday to address the critical vulnerability. The current patch (5.8.0.24) provides protection against both the old and the new vulnerability, according to John Hammond. However, Cleo has not yet assigned a CVE designation to the vulnerability, but described it as critical.
In light of this discovery, it is crucial for users to follow best practices for security. These include regular updates, strong access controls, network segmentation, monitoring and detection, and backup of critical data. Cleo has extended enhanced 24/7 customer support services to help customers address the vulnerability.
The Food and Agriculture ISAC is sharing intelligence with member organizations and urging companies to review their data backup strategies, patch management, email filtering, and endpoint protection. The ISAC advises users to consult the latest security advisories from Cleo and relevant security experts for specific guidance on addressing the Arbitrary File Read and Write vulnerabilities (CVE-2024-50623).
John Hammond advises Cleo customers to patch their systems as soon as possible to mitigate the risk of exploitation. It is essential to stay vigilant and proactive in maintaining the security of your systems, especially in the face of emerging threats like this zero-day vulnerability.
[1] Source:
- The discovery of a zero-day vulnerability in Cleo Harmony, VLTrader, and LexiCom file transfer products by cybersecurity firm Huntress has highlighted the importance of cybersecurity, data-and-cloud-computing, and privacy in today's general-news landscape.
- This vulnerability, which allows an unauthenticated user to import and execute arbitrary bash or PowerShell commands, underscores the need for strong cybersecurity measures, such as regular updates, strong access controls, network segmentation, monitoring and detection, and backup of critical data.
- The Food and Agriculture ISAC, in response to this critical situation, is sharing intelligence with member organizations and urging companies to review their data backup strategies, patch management, email filtering, and endpoint protection, emphasizing the need for vigilance in maintaining the security of one's systems, especially in the face of emerging threats like this zero-day vulnerability.
- As the criminal element in the crime-and-justice sector continues to exploit such vulnerabilities, it is crucial for individuals and organizations alike to remain aware and proactive, heeding the advice of experts like John Hammond, Principal Security Researcher at Huntress, who advises Cleo customers to patch their systems as soon as possible.
){kind=link}