Cybersecurity firm Huntress has found that Cleo's patch for an actively exploited vulnerability in its file transfer software does not fix the flaw.
Hackers are actively exploiting a high-risk vulnerability in Cleo software, according to researchers at cyber security firm Huntress. The vulnerability is tracked as CVE-2024-50623 and affects Cleo's widely used file transfer software.
Patch doesn’t help
Cleo first disclosed the vulnerability in a security advisory on Oct. 30, in which the company already warned that it could lead to remote code execution. The flaw affects Cleo's LexiCom, VLTrader and Harmony products, and the company released a patch for it (version 5.8.0.21).
However, Huntress warned that the patch does not fix the problem and that since Dec. 3 it has observed threat actors “massively abusing the software.” Security researcher John Hammond told TechCrunch that Huntress, which protects more than 1,700 Cleo LexiCom, VLTrader and Harmony servers, has found at least 24 companies whose servers have been compromised.
The companies affected so far are diverse, spanning consumer products, logistics and shipping organizations, and food suppliers, according to Huntress's blog. Other Cleo customers are also at risk of being hacked.
The threat actor behind these attacks is not yet known. Until Cleo releases a new, working patch, Huntress advises customers to move any internet-exposed Cleo systems behind a firewall rather than relying on the 5.8.0.21 update. Huntress's blog also recommends clearing the Autorun directory setting in the affected products, since the attack relies on files dropped there being executed automatically.