Cleo has issued a strong advisory for customers to upgrade their Harmony, VLTrader, and LexiCom products after an October patch was circumvented, leading to mass ransomware attacks.
Huntress warned that Cleo's patched products were under attack, with new malware called Malichus leveraging the existing vulnerability, indicating serious security failures within Cleo's offerings.
The latest security alerts from Cleo indicate that a new vulnerability, CVE-2024-55956, is a bypass of the previous flaw and is currently being exploited, suggesting ongoing risk.
CISA has added the Cleo vulnerability to its Known Exploited Vulnerabilities catalog, underlining the significant threat posed by these exploits in ongoing ransomware campaigns.
Collection
[
|
...
]