Cleo patches critical zero-day exploited in data theft attacks

Cleo patches critical zero-day exploited in data theft attacks

Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks.

Cleo releases new patch as threat groups ramp up exploitation of critical CVE

Researchers warned that companies primarily in the trucking, food, retail and shipping industries were under attack.

Immediate patching of actively exploited Cleo flaw urged

Immediate blocking of IP addresses leveraging the issue has also been recommended by Cleo. Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off using coupon code: MWNEWS10 f…

Cleo MFT Zero-Day Exploits Are About Escalate, Analysts Warn - Plato Data Intelligence

An active ransomware campaign against the Cleo managed file transfer tool is about to ramp up now that a proof-of-concept exploit for a zero-day flaw in the software has become publicly available. Defenders should brace for widespread deployment of the Cleopatra backdoor and other steps in the attack chain. The flaw, which is the result of an insufficient patch for an arbitrary file write tracked as CVE-2024-50623, is being used for remote code …

Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware

The bug was initially tagged as CVE-2024-50623 in October and patched by the company, but researchers from cybersecurity firm Huntress discovered that systems were still vulnerable even after applying the fix.

Cleo releases critical patch for zero-day vulnerability amid active exploitation

Cleo has issued a critical security patch to address an actively exploited zero-day vulnerability in Harmony, VLTrader, and LexiCom.