Who:
Cleo: Developer of LexiCom, VLTransfer, and Harmony file transfer software, affected by critical vulnerabilities.
Huntress and Rapid7: Cybersecurity firms tracking and reporting exploitation activity.
Termite ransomware group: Suspected attackers exploiting a zero-day vulnerability, potentially linked to previous Cl0p operations.
Victim organizations: Include businesses in consumer products, logistics, shipping, and food supply sectors.
What:
Vulnerability (CVE-2024-50623): Allows unauthenticated remote code execution via unrestricted file uploads.
Exploit Activity: Attackers use autorun functionality to drop malicious files and execute commands. Exploitation observed since December 3, with a spike on December 8.
Ransomware Impact: Termite uses modified Babuk ransomware, encrypting files and adding a ".termite" extension.
Impact:
At least 10 businesses compromised, with critical sectors affected.
Widespread exploitation: Highlights the risks of unmanaged internet exposure for file transfer tools.
Termite ransomware may signify an evolution of Cl0p or a new threat group operating with similar tactics.
Patch pending: Users must urgently apply mitigations and restrict software exposure until Cleo releases a fix.