Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Cleo Server. Show all posts
MFT
Cleo Server Cyber Attacks File Share Servers Firewalls MFT

File-Sharing Tools Under Attack: What Users Need to Know

 


A serious flaw has been found in three widely used file-sharing tools, putting several organizations at risk of security breaches. The three tools affected, LexiCom, VLTransfer, and Harmony, are all developed by Cleo, a company focused on managed file transfer (MFT) solutions. Experts have warned that the flaw could be exploited and urged users to take preventive measures immediately.


The Vulnerability and Its Impact

This vulnerability, identified as CVE-2024-50623, has been known to allow unrestricted file uploads and downloads. This might allow hackers to execute malicious code remotely. Huntress, a cybersecurity firm, reported that the flaw has already been exploited, with at least 24 businesses confirmed as compromised. Companies in sectors like logistics, consumer products, and food supply are included in the list.

Although Cleo has issued a patch in October 2024, Huntress believes that the update is not enough to protect the users, hence exposing the systems to attackers. According to Shodan, a search engine that monitors internet-connected devices, there are hundreds of vulnerable servers running Cleo's tools, mostly located in the United States.


What Is Happening After Exploitation?

Once the vulnerability has been exploited, attackers are engaging in activities that might reflect data theft or other malicious activities. According to Huntress, the motives of the hackers are unknown and no data breaches have so far been confirmed. But from the available evidence, files may have been accessed or stolen with huge risks to the organizations affected.


Cleo's Response and Recommended Actions

Cleo has acknowledged the vulnerability and is currently working on an improved fix. In the meantime, the company advises users to secure their systems by placing file-sharing tools behind a firewall. This added layer of protection can help minimize exposure to attackers until a robust patch is released.


A Broader Issue in File-Sharing Security

This is not the first time MFT tools have been attacked with security issues. In 2023, a Russian ransomware group exploited a similar vulnerability in MOVEit, another MFT solution, to steal sensitive data from numerous organizations worldwide. These incidents highlight the growing risks associated with such tools, emphasizing the need for stronger security measures.

Users of file-sharing tools need to be watchful and prioritize cybersecurity. Regular application of updates, use of firewalls, and monitoring for unusual activity can help minimize the exploitation risk. Since file-sharing is an integral part of modern business operations, it is essential that these tools are secure in order to protect sensitive information.




Read more »
Vulnerabilities and Exploits
Cleo Server Data Leak File Transfer Tool Security Patch Vulnerabilities and Exploits

Active Exploitation of Cleo Communications' File Transfer Software Exposes Critical Vulnerabilities

 

Cleo Communications' file transfer software is under active attack, with security researchers from Huntress revealing that a recently issued patch fails to address the critical flaws being exploited. This ongoing vulnerability poses a significant threat to sectors relying on Cleo's software for logistics and supply chain operations.

The Vulnerabilities: Autorun Directory and CVE-2024-50623

Hackers are leveraging two key vulnerabilities in Cleo's software:

  • A feature that automatically executes files in the autorun directory.
  • An arbitrary file-write flaw identified as CVE-2024-50623.

On December 3, Huntress reported that Cleo's LexiCom, VLTransfer, and Harmony software solutions are affected by these issues. Despite the company issuing a patch on the same day, Huntress stated that it "does not mitigate the software flaw." This leaves users vulnerable until a new, effective patch is developed.

Cleo’s Response and Planned Mitigations

During a Zoom session with cybersecurity researchers, Cleo's team acknowledged the flaws and committed to designing a second patch. Earlier in the week, Cleo identified an unauthenticated malicious host vulnerability that could lead to remote code execution, although its CVE identifier is still pending.

In a statement, a Cleo spokesperson said the company had launched an investigation with the assistance of external cybersecurity experts. Cleo also informed customers about the issue and provided interim mitigation steps while working on a patch. The spokesperson emphasized that "the investigation is ongoing."

Recommendations for Cleo Users

Until an effective patch is released, Huntress has advised Cleo users to take immediate actions:

  • Erase items from the autorun directory to disrupt attack pathways.
  • Understand that this measure does not address the arbitrary file-write vulnerability, which remains exploitable.

Impacts on Businesses

The exploitation of Cleo's software has significant repercussions, particularly for industries dependent on large-scale logistics and supply chain operations. Researchers reported that:

  • At least 10 businesses have experienced breaches involving Cleo servers.
  • There was a "notable uptick in exploitation" on December 8 around 07:00 UTC.
  • Most incidents have targeted sectors such as consumer products, the food industry, and shipping.

A search on Shodan revealed 436 vulnerable servers, with the majority located in the United States. This underscores the scale of potential exposure and the urgent need for mitigation.

The Attack Chain: From Autorun to Persistent Access

Attackers exploit the autorun directory feature by inserting malicious files that execute automatically. These files allow them to:

  • Run PowerShell commands.
  • Establish persistent access using webshells retrieved from remote servers.

Examples of malicious autorun files include:

  • healthchecktemplate.txt
  • healthcheck.txt

Conclusion: Urgent Need for Robust Security Measures

The active exploitation of Cleo Communications' software highlights the evolving nature of cybersecurity threats and the critical importance of timely, effective patching. Businesses using Cleo's solutions must remain vigilant and implement recommended mitigations to minimize risk until a comprehensive fix is released.

This incident serves as a reminder for all organizations to prioritize cybersecurity, particularly in industries that handle sensitive data and depend on seamless file transfer operations.

Read more »
Subscribe to: Posts (Atom)