Cleo Server Vulnerabilities

Critical vulnerabilities in Cleo’s file transfer software—Harmony, VLTrader, and LexiCom—were exploited in ransomware attacks. The initial flaw, CVE-2024-50623, allowed unauthenticated remote code execution via unrestricted file uploads. Although Cleo released patch version 5.8.0.21 to address this, researchers found it insufficient, leading to continued exploitation. Subsequently, a new vulnerability, CVE-2024-55956, was identified, enabling attackers to execute arbitrary commands through the Autorun directory. Cleo released version 5.8.0.24 to fully mitigate these issues. Organizations are urged to update to the latest versions promptly and monitor for signs of compromise.
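A practical first step for the "update promptly" advice is to inventory which Cleo version each host reports and bucket it against the two release numbers named above. The script below is an added example, not Cleo's tooling: the version numbers 5.8.0.21 (the insufficient patch) and 5.8.0.24 (the full fix) come from the text above, the hostnames and versions in the sample inventory are constructed, and how you obtain the running version from a given host (admin console, install metadata, asset database) is assumed to happen out of band.

```python
"""Classify Cleo Harmony/VLTrader/LexiCom version strings against the advisory.

Added illustrative example; not Cleo's own tooling. The two thresholds are
taken from the advisory text; the sample inventory at the bottom is constructed.
"""

from typing import Tuple

FIXED_VERSION = "5.8.0.24"          # fully mitigates both CVEs per the advisory
PARTIAL_PATCH_VERSION = "5.8.0.21"  # addressed CVE-2024-50623 only; found insufficient


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '5.8.0.21' into (5, 8, 0, 21); reject anything that is not dotted integers."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to or newer than b.

    Shorter tuples are right-padded with zeros so that '5.8' == '5.8.0.0';
    plain string comparison would get '5.8.0.9' vs '5.8.0.21' wrong.
    """
    ta, tb = parse_version(a), parse_version(b)
    width = max(len(ta), len(tb))
    ta += (0,) * (width - len(ta))
    tb += (0,) * (width - len(tb))
    return (ta > tb) - (ta < tb)


def assess(version: str) -> str:
    """Bucket a reported version into patched / partially patched / vulnerable."""
    if compare_versions(version, FIXED_VERSION) >= 0:
        return "patched"
    if compare_versions(version, PARTIAL_PATCH_VERSION) >= 0:
        return "partially patched: CVE-2024-55956 still unmitigated"
    return "vulnerable: CVE-2024-50623 and CVE-2024-55956 unmitigated"


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> version reported by that host.
    inventory = {
        "mft-01": "5.8.0.20",
        "mft-02": "5.8.0.21",
        "mft-03": "5.8.0.24",
        "mft-04": "5.9",
    }
    for host, ver in inventory.items():
        print(f"{host:8} {ver:10} {assess(ver)}")
```

The "partially patched" bucket exists because the advisory states that 5.8.0.21 was found insufficient; treating it as fixed would hide hosts that still need 5.8.0.24. A host landing in "patched" only tells you the software is current now, so it does not replace the compromise-monitoring step the advisory also calls for.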

Kelloggs Data Breach

Kelloggs Data Breach: Hackers Infiltrate Cleo Servers, Compromise Sensitive Employee Data

WK Kellogg Co. experienced a significant data breach when cybercriminals infiltrated the servers of their third-party vendor, Cleo, compromising sensitive employee information. The CL0P ransomware group exploited a zero-day vulnerability in Cleo's software, gaining access to data like names and Social Security numbers undetected for nearly three months. While the initially reported impact involved a small number of individuals, the nature of the stolen data suggests a potentially wider reach, prompting Kelloggs to offer identity protection services and implement enhanced security measures while highlighting crucial lessons about vendor and vulnerability management.