Cleo's File Transfer Software Hit by Zero-Day Vulnerability, 10 Businesses Compromised
Cleo, a leading file transfer software company, is facing a serious security threat. At least 10 businesses have been compromised due to a zero-day vulnerability in Cleo's products, with attacks dating back to December 3, 2024. The vulnerability, identified as CVE-2024-50623, affects Cleo Harmony, VLTrader, and LexiCom products. The attacks bear similarities to previous Clop group operations targeting managed file transfer software.
The affected industries include consumer products, food, trucking, and shipping. Cleo initially released an advisory urging customers to upgrade to version 5.8.0.21. However, cybersecurity firm Huntress found this patch insufficient. Huntress also advised disabling Cleo's Autorun Directory to prevent further attack chain execution.
Rapid7 has recommended that Cleo customers remove affected products from the public internet and ensure they are behind a firewall. Cleo later confirmed that products up to version 5.8.0.23 are affected and provided a link for customers to mitigate the flaw. A patch for the new exploit is pending, but not yet released by Cleo.
Security researchers have warned that a zero-day vulnerability in Cleo's file transfer software is being exploited in the wild to steal data. Businesses are urged to follow the advice of cybersecurity firms and take immediate action to protect their systems. Cleo is working on a patch for the exploit, but users should remain vigilant until it is released.
