Here we go again: threat actors are taking advantage of vulnerabilities in file transfer products. This time, Cleo's file transfer products are the target. The Record reports:
Cybersecurity researchers are warning that vulnerabilities in several file transfer products are being exploited by hackers, even after a patch was released by the developer.
The vulnerability — CVE-2024-50623 — was recently patched by software developer Cleo and affects the company’s LexiCom, VLTransfer and Harmony products. However, researchers at cybersecurity firm Huntress say the patch “does not mitigate the software flaw,” and that they’ve seen threat actors exploiting the bug “en masse” over the last week.
“This vulnerability is being actively exploited in the wild and fully patched systems running 5.8.0.21 are still exploitable,” Huntress said. “We strongly recommend you move any internet-exposed Cleo systems behind a firewall until a new patch is released.”
Read more at The Record.