Cleo has urged organizations using its Harmony, LexiCom, and VLTrader managed file transfer products to promptly apply a new fix for the actively exploited zero-day vulnerability tracked as CVE-2024-50623, which a previous patch had not adequately resolved, according to The Record, the news site of cybersecurity firm Recorded Future.
Cleo has also recommended immediately blocking the IP addresses exploiting the issue. "Cleo continues to work proactively to support customers and has extended enhanced 24/7 customer support services to those needing additional technical assistance in addressing this vulnerability," said a company spokesperson. The development comes as Huntress reported that two dozen organizations, primarily in the retail, shipping, and consumer products sectors, had been compromised in attacks exploiting the Cleo zero-day, some of which involved deployment of the newly emergent Malichus malware. "From what we have observed in the wild, the activity thus far has been just obtaining initial access, establishing persistence with their malware payload and C2 communication, and then beginning enumeration of the rest of the environment," said Huntress Principal Security Researcher John Hammond, who also noted an internet-exposed Cleo instance at ransomware-hit Blue Yonder.