Who:
Cleo: Developer of LexiCom, VLTransfer, and Harmony file transfer software, affected by critical vulnerabilities.
Huntress and Rapid7: Cybersecurity firms tracking and reporting exploitation activity.
Termite ransomware group: Suspected attackers exploiting a zero-day vulnerability, potentially linked to previous Cl0p operations.
Victim organizations: Include businesses in consumer products, logistics, shipping, and food supply sectors.
What:
Vulnerability (CVE-2024-50623): Allows unauthenticated remote code execution via unrestricted file uploads.
Exploit Activity: Attackers use autorun functionality to drop malicious files and execute commands. Exploitation observed since December 3, with a spike on December 8.
Ransomware Impact: Termite uses modified Babuk ransomware, encrypting files and adding a ".termite" extension.
Impact:
At least 10 businesses compromised, with critical sectors affected.
Exploitation widespread: Highlights risks of unmanaged internet exposure for file transfer tools.
Termite ransomware may signify an evolution of Cl0p or a new threat group operating with similar tactics.
Patch pending: Users must urgently apply mitigations and restrict software exposure until Cleo releases a fix.
Read the full article HERE