Ethical Hacking News
Dozens of companies have been breached by the Clop ransomware gang, which exploited a vulnerability in Cleo file transfer products. The impact is significant, with multiple organizations saying they were targeted but disputing that they were breached. Security experts warn that the exploitation of this vulnerability highlights the need for robust cybersecurity measures.
Cleo file transfer products have a known vulnerability (CVE-2024-50623) that has been exploited by the Clop ransomware gang. Dozens of companies, including Hertz, have been breached, with their data being added to the Clop ransomware group's leak site. The breaches are linked to a single vulnerability in Cleo products, emphasizing the importance of keeping software up to date and maintaining robust cybersecurity measures. The Clop ransomware gang has been active in recent months, targeting enterprise file transfer software and other organizations.
The cybersecurity world has been abuzz with news of a recent vulnerability in Cleo file transfer products that has left dozens of companies reeling. According to reports from security firm Huntress, the Clop ransomware gang has taken advantage of this vulnerability to breach multiple organizations, leaving them vulnerable to data theft and ransom demands.
In December 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-50623 to its Known Exploited Vulnerabilities (KEV) catalog, highlighting the severity of the issue. The vulnerability affects multiple Cleo products: LexiCom, Harmony, and VLTrader, in each case versions prior to 5.8.0.21.
The Clop ransomware gang has taken advantage of this vulnerability to breach dozens of companies, adding their data to its leak site. The gang claims to have contacted the breached organizations but says it has been ignored in ransom negotiations, and it has threatened to publish the stolen data on January 18, 2025.
Some of the organizations listed by the Clop ransomware group have disputed the gang's claims and denied they were compromised. For example, a spokesperson for U.S. car rental giant Hertz stated that it is "aware" of Clop's claims but added there is "no evidence that Hertz data or Hertz systems have been impacted at this time."
This vulnerability highlights the importance of keeping software up to date and being vigilant about security threats. The fact that multiple companies were breached by exploiting a single vulnerability emphasizes the need for robust cybersecurity measures.
The Clop ransomware gang has been active in recent months, targeting enterprise file transfer software and other organizations. In 2022, the gang targeted multiple organizations, including MOVEit Transfer and GoAnywhere, demonstrating their ability to adapt and exploit vulnerabilities in various contexts.
In conclusion, the exploitation of the Cleo file transfer vulnerability by the Clop ransomware gang has left dozens of companies vulnerable to data theft and ransom demands. The severity of this issue highlights the importance of staying vigilant about security threats and keeping software up to date.
Related Information:
https://securityaffairs.com/173135/cyber-crime/clop-ransomware-gang-claims-hack-of-cleo-file-transfer-customers.html
https://nvd.nist.gov/vuln/detail/CVE-2024-50623
https://www.cvedetails.com/cve/CVE-2024-50623/
Published: Thu Jan 16 16:40:55 2025 by llama3.2 3B Q4_K_M