Kevin BeaumontDec 10, 2024
Termite ransomware group operators (and maybe other groups) have a zero day exploit for Cleo LexiCom, VLTransfer, and Harmony. #ransomware #threatintel
Show threadKevin BeaumontDec 10, 2024

This is a build upon Huntress' (excellent) blog https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild

#cleo #threatintel

Cleo Software Actively Being Exploited in the Wild | Huntress

Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, commonly used to manage file transfers. Read more about this emerging threat on the Huntress Blog.

Show threadKevin BeaumontDec 10, 2024

i would fully pull the plug on impacted Cleo products until there's vendor clarity btw

Shodan dork (not exhaustive) - the Windows ones are a particular problem in terms of ransomware.

https://beta.shodan.io/search?query=http.html_hash%3A1534766930

#cleo #threatintel

Show threadFritz AdalisDec 10, 2024
@GossiTheDog
LOL
Server: Cleo LexiCom/4.2 (Windows 2000)
Show threadFritz Adalis

@GossiTheDog
I should have looked at page 2...

Server: Cleo LexiCom/4.5 (Windows NT (unknown))

Dec 10, 2024 at 12:08pmWeb