Hackers are once again exploiting a flaw in popular file transfer tools to launch many hacks
Security researchers warn that hackers are actively exploiting a vulnerability in popular file transfer technology to launch more hacks.
The vulnerability, tracked as CVE-2024-50623, affects software developed by Illinois-based business software company Cleo, according to researchers at cybersecurity firm Huntress.
The flaw was first disclosed by Cleo in a security advisory on October 30, which warned that exploitation could lead to remote code execution. It affects Cleo’s LexiCom, VLTrader, and Harmony tools, which are commonly used by businesses to manage file transfers.
Cleo released a patch for the vulnerability in October, but in a blog post on Monday, Huntress warned that the patch does not address the software flaw.
Huntress security researcher John Hammond said the company has seen threat actors “exploiting this software in large numbers” since December 3. He added that Huntress – which protects more than 1,700 Cleo LexiCom, VLTrader, and Harmony servers – found at least 10 businesses whose servers were compromised.
“Victim organizations so far include various consumer products companies, transportation and shipping organizations, and food suppliers,” Hammond wrote, adding that many other customers are at risk of being hacked.
Shodan, a publicly available device search engine and database, lists hundreds of vulnerable Cleo servers, most of which are located in the US.
Cleo has more than 4,200 customers, including US biotechnology company Illumina, sports shoe giant New Balance, and Dutch company Logistics Portable.
Huntress has not yet identified the malicious actor behind the attack and it is unknown if any data was stolen from affected Cleo customers. However, Hammond noted that the company has seen hackers do “post-exploit work” after compromising vulnerable systems.
Cleo did not respond to TechCrunch’s questions and has yet to release a fix that defends against the bug. Huntress recommends that Cleo customers move any Internet-exposed programs behind a firewall until a new patch is released.
Business file transfer tools are a popular target among hackers and pirate groups. Last year, a gang linked to the Russian Clop ransomware claimed thousands of victims by exploiting a zero-day vulnerability in Progress Software’s MOVEit Transfer product. The gang previously gained notoriety for the mass exploitation of a vulnerability in Fortra’s GoAnywhere managed file transfer software, which was used to target more than 130 organizations.