
Widespread exploitation of Cleo file transfer software (CVE-2024-50623)

Attribute: Details
Threat Actors: Financially motivated adversaries
Campaign Overview: Exploitation of Cleo file transfer software vulnerabilities
Target Regions: Customer environments globally
Methodology: Exploiting CVE-2024-50623 through remote code execution
Product Targeted: Cleo Harmony, Cleo VLTrader, Cleo LexiCom
Malware Reference: Remote code execution artifacts, PowerShell, enumeration tools
Tools Used: PowerShell, Autorun Directory exploitation
Vulnerabilities: CVE-2024-50623 (Cross-Site Scripting – CWE-79)
TTPs: Enumeration, post-exploitation, remote command execution
Attribution: Huntress, Rapid7, Cleo
Recommendations: Apply mitigations, disable Autorun Directory, place products behind firewall
Source: Rapid7

Read full article: https://www.rapid7.com/blog/post/2024/12/10/etr-widespread-exploitation-of-cleo-file-transfer-software-cve-2024-50623/

Disclaimer: The above summary has been generated by an AI language model

Source: Rapid7

Published on: December 10, 2024
