Security researchers are warning that hackers are actively exploiting another high-risk vulnerability in popular file transfer technology to carry out large-scale hacks.
The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based enterprise software company Cleo, according to researchers at cybersecurity firm Huntress.
The flaw was first disclosed by Cleo in a security advisory on October 30th, warning that exploitation could lead to remote code execution. This affects Cleo's LexiCom, VLTransfer, and Harmony tools that are commonly used by enterprises to manage file transfers.
Cleo released a patch for the vulnerability in October, but Huntress warned in a blog post Monday that the patch does not mitigate the software flaw.
Huntress security researcher John Hammond said the company has observed threat actors “exploiting this software en masse” since Dec. 3. He added that Huntress, which protects more than 1,700 Cleo LexiCom, VLTransfer and Harmony servers, has discovered at least 10 companies whose servers were compromised.
“Victim organizations to date include a variety of consumer product companies, logistics and delivery organizations, and food supply companies,” Hammond said, adding that many other customers were also at risk of the hack. He added that there is.
Shodan, a search engine for publicly available devices and databases, lists hundreds of vulnerable Cleo servers, the majority of which are located in the United States.
Cleo has more than 4,200 customers, including US biotech company Illumina, sports shoe giant New Balance, and Dutch logistics company Portable.
Huntress has not yet identified the attackers behind these attacks, and it is unclear whether any data was stolen from affected Cleo customers. However, Hammond noted that the company has observed hackers engaging in “post-exploitation activity” after infiltrating vulnerable systems.
Cleo did not respond to TechCrunch's questions and has not yet released a patch that protects against the flaw. Huntress recommends that Cleo customers move their internet-exposed systems behind their firewalls until a new patch is released.
Enterprise file transfer tools are popular targets among hackers and extortion groups. Last year, the Russia-linked Clop ransomware gang exploited a zero-day vulnerability in Progress Software's MOVEit Transfer product, claiming thousands of victims. The same gang was previously blamed for extensively exploiting vulnerabilities in Fortra's managed file transfer software, GoAnywhere, which was used to target more than 130 organizations.