The best file sharing tools are being hit by security attacks again
- Security researchers Huntress discover a flaw in the LexiCom, VLTransfer and Harmony tools
- The bug was fixed over a month ago, but the patch didn’t work
- Now hackers are exploiting the bug, possibly to steal data
Experts have warned that multiple managed file transfer tools from the same developer are being misused to launch attacks and potentially steal data, with dozens of organizations already targeted.
Cybersecurity researchers at Huntress claim that LexiCom, VLTransfer, and Harmony are all vulnerable to CVE-2024-50623, an unrestricted file upload and download vulnerability that could lead to remote code execution.
All three tools are built by the same company, Cleo, which published a patch for the bug in late October 2024. However, Huntress claims that the patch does not work properly and does not protect users from threat actors.
Post-operation activities
Huntress, which says its tools protect more than 1,700 Cleo users, even claims it has spotted at least 24 compromised companies.
“Victim organizations to date include several consumer products companies, logistics and shipping organizations, and food suppliers,” Huntress said in his article, adding that numerous other companies are at risk.
TechCrunch added that Shodan shows “hundreds” of vulnerable Cleo servers, mostly in the United States. The company has more than 4,000 customers, including a number of large companies.
The attackers have not yet been identified and Huntress cannot say for certain whether they stole information from these organizations. However, the researchers did say that the threat actors were conducting “post-exploitation” activities, which could indicate that files were indeed stolen.
Cleo acknowledged the error and confirmed that the team was working on a new solution, but until it is available, users should put the tools behind a firewall to be safe.
Managed file transfer (MFT) solutions and security issues made headlines in 2023, when a Russian ransomware group Cl0p discovered a hole in MOVEit and used it to exfiltrate data from thousands of organizations around the world.
Via TechCrunch