This next generation version dumps process memory of the targeted
Malware prior to termination The process memory dump file MalDump.dmp
varies in size and can be 50 MB plus RansomLord now intercepts and
terminates ransomware from 54 different threat groups Adding GPCode,
DarkRace, Snocry, Hydra and Sage to the ever growing victim list.
Lang: C
SHA256: fcb259471a4a7afa938e3aa119bdff25620ae83f128c8c7d39266f410a7ec9aa
What is the Vulnerability?An unrestricted file upload and download vulnerability (CVE-2024-50623) that could lead to remote code execution, affecting multiple Cleo products is being actively exploited in the wild. The vulnerability affects the following Cleo products (versions before and including 5.8.0.21)-Cleo Harmony -Cleo VLTrader -Cleo LexiCom Cleo is a software company focused on Managed File Transfer (MFT) solutions. Its products-Cleo VLTrader, Cleo Harmony, and Cleo LexiCom facilitates secure file transfers, B2B integration, and streamlines data exchange and integration.On December 13, 2024, CISA confirmed that the CVE-2024-50623, is being actively exploited, including in Ransomware campaigns and has been added to the Known Exploited Vulnerabilities (KEV) catalog.What is the recommended Mitigation?FortiGuard Labs strongly advises all Cleo customers to immediately upgrade instances of Harmony, VLTrader, and LexiCom to the latest released patch as released and follow: Cleo Product Security Advisory – CVE-2024-50623 – CleoWhat FortiGuard Coverage is available?FortiGuard recommends users to apply the fix provided by the vendor and follow instructions as mentioned on the vendor’s advisory. FortiGuard Web Filtering service blocks all the known Indicators of Compromise (IoCs) related to the campaigns targeting the Cleo Vulnerability. FortiGuard IPS protection coverage is under review, and this report will be updated as new coverage becomes available.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
A buffer overflow was discovered in the vhost code of DPDK, a set of
libraries for fast packet processing, which could result in denial of
service or the execution of arbitrary code by malicious
guests/containers.