23 Dec, 2024

Clop ransomware claims responsibility for Cleo data theft attacks

The Clop ransomware gang has confirmed to GeekFeed that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. Cleo is the developer of the managed file transfer platforms Cleo Harmony, VLTrader, and LexiCom, which companies use to securely exchange files between their business partners and customers. In […]

4 mins read

CISA confirms critical Cleo bug exploitation in ransomware attacks

​CISA confirmed today that a critical security vulnerability in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. This flaw (tracked as CVE-2024-50623 and impacting all versions before version 5.8.0.21) enables unauthenticated attackers to gain remote code execution on vulnerable servers exposed online. Cleo released security updates to fix it […]

3 mins read

Cleo patches critical zero-day exploited in data theft attacks

Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. In October, the company patched a pre-auth remote code execution vulnerability (CVE-2024-50623) in its managed file transfer software and recommended that “all customers upgrade immediately.” Huntress security researchers first spotted evidence of attacks targeting fully […]

3 mins read