Cleo has released a security patch to address the critical vulnerability that started getting exploited while still a zero-day to breach internet-facing Cleo Harmony, VLTrader, and LexiCom instances. Version 5.8.0.24 of the three products, which was pushed out on Wednesday, plugs the hole that allowed attackers into vulnerable installations, where they moved to establish a reverse shell connection to their servers and perform reconnaissance. Huntress researcher John Hammond confirmed that the patch is effective at … More

The post Cleo patches zero-day exploited by ransomware gang appeared first on Help Net Security.