FlagThis

CyberSecurity updates
2024-12-26 12:14:11 Pacfic
Greg Otto @ CyberScoop
Clop Ransomware Exploits Cleo Zero Days - 9d
Read more: cyberscoop.com

The Clop ransomware group has claimed responsibility for recent data theft attacks targeting Cleo, a company specializing in managed file transfer platforms. The attacks exploited zero-day vulnerabilities in Cleo's Harmony, VLTrader, and LexiCom software, allowing the hackers to breach corporate networks and steal sensitive data. These vulnerabilities included an unrestricted file upload and download capability and the ability to bypass the patch, leading to the execution of malicious files and the establishment of persistent access. The initial patch released by Cleo for CVE-2024-50623 was found to be incomplete, which allowed attackers to upload a Java backdoor that further facilitated data theft, command execution, and deeper access into the compromised networks. The Cybersecurity and Infrastructure Security Agency (CISA) has added the exploited Cleo vulnerabilities to its Known Exploited Vulnerabilities catalog. The Clop ransomware group has a history of targeting file transfer software, being linked to the large-scale attack on the MOVEit Transfer platform.

Original img attribution: https://cyberscoop.com/wp-content/uploads/sites/3/2024/12/GettyImages-1718516027-min.jpg
ImgSrc: cyberscoop.com
References:
  • CySecurity News - Active Exploitation of Cleo Communications' File Transfer Software Exposes Critical Vulnerabilities - 10d
  • @bleepingcomputer.com - The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. - 10d
  • DataBreaches.Net - Clop ransomware claims responsibility for Cleo data theft attacks - 10d
  • Over Security - The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. - 10d
  • Techzine Global - Clop ransomware gang claims responsibility for Cleo attacks - 10d
  • Security Archives - U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog - 9d
  • Dataconomy - Clop ransomware just made your file transfers a security minefield - 9d
  • @BleepingComputer - The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. - 9d
  • PCMag.com - The notorious CLOP ransomware gang is claiming responsibility for exploiting a zero-day vulnerability in Cleo’s file-transfer services to steal data from numerous companies. - 9d
  • SOCRadar - Cleo File Transfer Vulnerabilities (CVE-2024-50623, CVE-2024-55956) – Cl0P’s Latest Attack Vector - 9d
  • Threats - Clop is back to wreak havoc via vulnerable file-transfer software - 8d
  • www.cybersecurity-insiders.com - Clop Ransomware circumvents Cleo file transfer software for data steal - 8d

Classification:
  • HashTags: Ransomware DataBreach Cleo
  • Company: Cleo
  • Target: Cleo Customers
  • Attacker: Clop
  • Product: Cleo Harmony, VLTrader, LexiCom
  • Feature: file transfer
  • Type: Ransomware
  • Severity: Major

This site is an experimental news aggregator using feeds I personally follow. You can provide me feedback using this form or using Bluesky.