Source: Managed Cybersecurity Platform for SMBs and IT Providers
Author: Team Huntress
URL: https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild?utm_source=linkedin&utm_medium=social
ONE SENTENCE SUMMARY: Cleo’s software vulnerability CVE-2024-55956 is being actively exploited, necessitating urgent protective measures until a comprehensive patch is released.
MAIN POINTS:
- Cleo’s LexiCom, VLTransfer, and Harmony software contain a critical vulnerability that is being actively exploited.
- The vulnerability allows unauthenticated remote code execution, posing severe security risks.
- Even fully patched systems (version 5.8.0.21) remain exploitable, requiring immediate caution.
- Threat actors create malicious files in installation directories to facilitate post-exploitation activities.
- Specific IP addresses linked to the attackers have been identified and should be monitored and blocked.
- Cleo plans to release a new patch to address the vulnerability soon.
- Disabling autorun features can mitigate some risks but won’t remove the underlying vulnerability.
- Companies in the consumer, food, trucking, and shipping industries are particularly affected.
- Huntress has developed detection measures and is actively neutralizing the threat.
- Users should check installation directories for indicators of compromise to assess their risk.
TAKEAWAYS:
- Urgently move exposed Cleo systems behind a firewall to limit exposure.
- Disabling autorun features can reduce risk until a permanent patch is available.
- Monitor logs and directories for indicators of compromise to identify attacks.
- Collaboration with Cleo is ongoing to develop an effective patch against the exploit.
- Stay updated on Huntress’s blog for the latest information and protective measures.
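The advisory says attackers drop files into the Cleo installation directory and that defenders should check those directories for indicators of compromise. The script below is an added example, not Huntress or Cleo code: it builds a hash baseline of an installation tree at a known-good moment and later reports files that are new, changed, missing, or recently modified. The install path `C:\LexiCom` is an assumption (adjust to your deployment); the summary names no specific file paths or hashes, so the demo uses constructed sample files in a temporary directory rather than real indicators.

```python
"""
Baseline-and-diff check of a Cleo installation directory.
Added example (not Huntress or Cleo code). The install path below is an
assumption; the sample files in demo() are constructed, not real indicators.
"""
import hashlib
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, List, Optional

# Assumed default install path; replace with your real Cleo install directory.
ASSUMED_CLEO_DIR = Path(r"C:\LexiCom")


def sha256_of(path: Path) -> str:
    """Stream-hash a file so large jars do not need to be read into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> Dict[str, str]:
    """Map relative POSIX path -> sha256 for every regular file under root."""
    baseline: Dict[str, str] = {}
    for p in root.rglob("*"):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_of(p)
    return baseline


def compare(root: Path, baseline: Dict[str, str],
            since: Optional[datetime] = None) -> Dict[str, List[str]]:
    """Report files that are new, changed or missing versus the baseline.
    'recent' lists every file whose mtime is after `since` (UTC), which is
    useful even when no baseline was taken before the incident window."""
    current = build_baseline(root)
    report: Dict[str, List[str]] = {
        "new": sorted(set(current) - set(baseline)),
        "changed": sorted(k for k in current
                          if k in baseline and current[k] != baseline[k]),
        "missing": sorted(set(baseline) - set(current)),
        "recent": [],
    }
    if since is not None:
        for rel in current:
            mtime = datetime.fromtimestamp((root / rel).stat().st_mtime,
                                           tz=timezone.utc)
            if mtime > since:
                report["recent"].append(rel)
        report["recent"].sort()
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a fake install tree, then tamper with
    one file and drop an unexpected one, and show that both are reported."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "conf").mkdir()
        (root / "conf" / "constructed_config.xml").write_text("<config/>")
        (root / "constructed_app.jar").write_bytes(b"\x00" * 16)
        baseline = build_baseline(root)

        # Simulated post-exploitation activity (constructed, not a real IoC):
        # an existing config is altered and a new file appears in the tree.
        (root / "conf" / "constructed_config.xml").write_text("<config altered='1'/>")
        (root / "dropped_example.txt").write_text("unexpected")

        # A 'since' far in the past makes every file count as recent here;
        # in practice use the start of your suspected incident window.
        since = datetime(2000, 1, 1, tzinfo=timezone.utc)
        return compare(root, baseline, since)


if __name__ == "__main__":
    if ASSUMED_CLEO_DIR.exists():
        # Real use: persist build_baseline() output after a clean install,
        # then run compare() against it during triage.
        print(build_baseline(ASSUMED_CLEO_DIR))
    else:
        print(demo())
```

Store the baseline off-host (an attacker with write access to the install tree could also edit a baseline kept there), and treat anything in `new`, `changed`, or `recent` that is not explained by a known Cleo update as worth escalating.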