
They use file transfer software to launch attacks that allow remote code execution



Dec. 10 (Portaltic/EP) –

Researchers have found that a group of cybercriminals is exploiting a vulnerability in file transfer software to carry out mass attacks; the flaw allows unauthenticated remote code execution.

The vulnerability, tracked as CVE-2024-50623, affects versions prior to 5.8.0.21 of LexiCom, VLTrader and Harmony, products developed by the software company Cleo, according to experts at the cybersecurity firm Huntress.

Huntress first identified the emerging threat against these programs on December 3. The products are commonly used to manage file transfers and are often installed directly on the system with the default options suggested during the installation process.

The flaw is an unrestricted file upload and download vulnerability that can lead to remote execution of malicious code in mass attacks, and Huntress has observed attackers carrying out post-exploitation activity on compromised systems, as the firm explains on its blog.

Huntress says its investigation has so far identified at least 10 companies whose Cleo servers were compromised in this campaign, and that it observed “a notable increase” in exploitation of the flaw on December 8.

Most of the victims identified so far belong to the consumer products, food, transportation and shipping industries, although the firm notes that other companies in different parts of the world could also be at risk.

Huntress has adopted “a three-pronged approach” to detect, investigate and respond to the threat. In addition to creating an internal investigation guide to keep its user community safe, it has neutralized the threat on the endpoints where it appeared by using its IP blocking function.

Since learning of the vulnerability, Cleo has recommended that all customers update their instances to the latest released patch “to address other potential attack vectors discovered for the vulnerability.”

However, Huntress has found that the patch Cleo released does not mitigate the flaw, and recommends that organisations place their Cleo systems behind a firewall, restricting access from the Internet, until an update that actually neutralizes the vulnerability is released.
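As an added example (not code from Huntress or Cleo), the following Python triage script applies the two facts reported above, that versions below 5.8.0.21 are vulnerable and that the 5.8.0.21 patch alone does not mitigate the flaw, to an inventory of Cleo hosts. The inventory is constructed for illustration: host names, versions and exposure flags are invented, and the action strings are the editor's summary of the recommendations in the article.

```python
"""Triage a Cleo file-transfer inventory for CVE-2024-50623.

Added example, not code from Huntress or Cleo. Product names and the
5.8.0.21 version threshold come from the article; the sample hosts are
constructed for illustration.
"""
from dataclasses import dataclass

# First version Cleo shipped for CVE-2024-50623. Huntress reports it does not
# mitigate the flaw, so it is treated as a floor, not as "fixed".
PATCHED_VERSION = (5, 8, 0, 21)
AFFECTED_PRODUCTS = {"LexiCom", "VLTrader", "Harmony"}


def parse_version(text: str) -> tuple:
    """Turn a dotted version string such as '5.8.0.21' into a comparable tuple.

    Tuples compare element-wise in Python, so (5, 8) < (5, 8, 0, 21) and
    (5, 8, 1) > (5, 8, 0, 21), which is the ordering we want.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


@dataclass
class CleoHost:
    name: str
    product: str
    version: str
    internet_exposed: bool  # reachable from the Internet (assumed inventory field)


def triage(host: CleoHost) -> str:
    """Classify a host as not_affected, unpatched, patched_exposed or patched_internal."""
    if host.product not in AFFECTED_PRODUCTS:
        return "not_affected"
    if parse_version(host.version) < PATCHED_VERSION:
        return "unpatched"  # below 5.8.0.21: vulnerable as described in the advisory
    if host.internet_exposed:
        # Patched to 5.8.0.21 but still reachable from the Internet: per Huntress
        # the patch does not mitigate the flaw, so it needs a firewall in front.
        return "patched_exposed"
    return "patched_internal"


# Editor's summary of the recommendations above; not wording from Cleo or Huntress.
ACTIONS = {
    "unpatched": "update to 5.8.0.21 now and restrict inbound access until a fixed release ships",
    "patched_exposed": "restrict inbound access with a firewall until a fixed release ships",
    "patched_internal": "monitor; keep reachable only from trusted networks",
    "not_affected": "no action for CVE-2024-50623",
}


def triage_inventory(hosts: list) -> list:
    """Return (name, state, action) for every host, most urgent states first."""
    order = ["unpatched", "patched_exposed", "patched_internal", "not_affected"]
    rows = [(h.name, triage(h), ACTIONS[triage(h)]) for h in hosts]
    return sorted(rows, key=lambda r: order.index(r[1]))


# Constructed sample inventory (names, versions and exposure flags are invented).
SAMPLE_INVENTORY = [
    CleoHost("edi-gw-01", "Harmony", "5.8.0.20", True),
    CleoHost("edi-gw-02", "VLTrader", "5.8.0.21", True),
    CleoHost("lexicom-lab", "LexiCom", "5.8.0.21", False),
    CleoHost("sftp-other", "OtherVendor", "1.0", True),
]

if __name__ == "__main__":
    for name, state, action in triage_inventory(SAMPLE_INVENTORY):
        print(f"{name:12} {state:17} {action}")
```

The script deliberately does not try to name a "fixed" version, because the article only states that one has not yet been released; when Cleo publishes it, the check on `PATCHED_VERSION` should be replaced with a comparison against that release.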
