The Register: Ransomware scum blow holes in Cleo software patches, Cl0p (sort of ) claims responsibility

Dec 16, 2024

—

Source URL: https://www.theregister.com/2024/12/16/ransomware_attacks_exploit_cleo_bug/
Source: The Register
Title: Ransomware scum blow holes in Cleo software patches, Cl0p (sort of ) claims responsibility

Feedly Summary: But can you really take crims at their word?
Supply chain integration vendor Cleo has urged its customers to upgrade three of its products after an October patch was circumvented, leading to widespread ransomware attacks that Russia-linked gang “Cl0p" has claimed are its evil work.…

AI Summary and Description: Yes

Summary: The text discusses the urgent security concerns surrounding Cleo’s products due to a vulnerability that was exploited in ransomware attacks allegedly linked to the Cl0p gang. The article highlights the importance of swift action by companies regarding updates and patches to mitigate risks associated with known vulnerabilities, particularly in the context of supply chain security.

Detailed Description:
– The incident began when Cleo issued a patch for its Harmony, VLTrader, and LexiCom products in October to resolve a critical flaw that could permit remote code execution.
– Infosec organization Huntress highlighted that this patch was circumvented, leading to a series of ransomware attacks, with Cl0p claiming responsibility.
– Key vulnerabilities involved:
– **CVE-2024-50623**: Initial flaw patched by Cleo.
– **CVE-2024-55956**: New vulnerability that bypassed the earlier patch.
– Cleo has recommended customers immediately update their systems to version 5.8.0.24 to fix the vulnerabilities.
– CISA added Cleo’s vulnerabilities to its list of Known Exploited Vulnerabilities due to the ongoing ransomware campaigns.
– Cl0p is suspected of employing similar tactics to previous attacks, raising concerns over the security posture of supply chain vendors.
– Cybersecurity professionals are dissecting the events to determine the authenticity of Cl0p’s claims and the actual impact on affected businesses.
– Research analysis indicates a potential misalignment in the Cl0p group’s typical tactics with the current events involving Cleo, although the patterns suggest a need for vigilance.

Additional Insights:
– The evolving threat landscape signifies a pressing need for organizations to stay ahead of vulnerabilities in their software supply chain.
– The incident serves as a case study on how rapidly attackers can exploit newly disclosed vulnerabilities and the necessity for ongoing vigilance and rapid patching.
– The situation emphasizes the urgency for cybersecurity professionals to engage in proactive defense strategies including thorough understanding of their software inventory and robust incident response planning.

1 2 2024 3 4 a Act active defense AI alignment analysis API Arch ARM art as attack attackers authenticity Bug business by bypass C chain CISA Cl0p Cleo closed code code execution companies concerns Context critical Current Customer CVE cyber Cybersecurity Cybersecurity Professionals D defense defense strategies e end event execution exp exploit exploited vulnerabilities for g Gen GIS Go Group high Highlight http HTTPS ICO in incident incident response incident response plan infosec insights integration ite k Known Exploited Vulnerabilities l law led Link linked low media Mila no o of on organization organizations ory over Patch patches patching planning post pre proactive proactive defense proactive defense strategies products professionals R raising ransom ransomware ransomware attack ransomware attacks RCE real Remote Code Execution research response Response Plan responsibility Risk risks Russia s search sec security security concerns security posture security professionals Sig Sim SoC software software patches software supply chain source SSE supply supply chain supply chain security Swift system systems T tactics text the threat landscape to Tor up update updates upgrade uth vendor vendors vigilance vulnerabilities vulnerability Wi x