59 organizations reportedly fall victim to breaches caused by Cleo software bug

Posted by: Olivia Smith, Sun, 19 Jan

Russian ransomware group Clop has admitted to hacking 59 companies by exploiting a bug in file transfer applications developed by Cleo. The bug, tracked as CVE-2024-50623, affects Cleo’s LexiCom, VLTransfer, and Harmony software and allows remote code execution; it was disclosed in October 2024. Clop published the list of victims on its dark web site, but some companies deny any breach. Clop claims to have sent intrusion notices to victims, including Cleo, and is pressuring them with ransom demands. Covestro, a German manufacturer, disclosed that Clop gained unauthorized access to a US logistics server but said that security measures have been taken. Hertz, Linfox, and Blue Yonder deny any intrusions, with investigations ongoing. Clop threatens to reveal more victims on January 21, 2025, raising concerns about the true scope of the attack. Many companies are increasingly worried about cyberattacks, which underscores the importance of robust cybersecurity measures.
