Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

April 24, 2024 at 09:45AM Cybersecurity researchers have uncovered an ongoing attack campaign, FROZEN#SHADOW, utilizing phishing emails to distribute SSLoad malware, Cobalt Strike, and ConnectWise ScreenConnect. The campaign targets organizations in Asia, Europe, and the Americas, using various methods to deliver malware and gain access to critical systems. The attackers’ persistence poses significant risks to …

China-Linked Group Breaches Networks via Connectwise, F5 Software Flaws

March 22, 2024 at 08:33AM A China-linked threat group utilized security flaws in Connectwise ScreenConnect and F5 BIG-IP to distribute custom malware for creating backdoors on compromised Linux hosts. The group, tracked as UNC5174, has targeted various organizations, including research institutions and government entities in the U.S. and U.K. They have also been observed trying …

North Korea Hits ScreenConnect Bugs to Drop ‘ToddleShark’ Malware

March 5, 2024 at 03:02PM North Korean hackers exploit ConnectWise’s ScreenConnect software vulnerability with ToddleShark malware. Kimsuky, a DPRK-based APT, targets organizations using the CVE-2024-1709 bug. ToddleShark gathers system info and sends it to attacker-controlled servers via encrypted channels. It evades detection through randomization and junk code. Organizations are urged to patch their systems promptly. …

Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws

February 27, 2024 at 11:27AM Multiple threat actors are exploiting two recently resolved vulnerabilities in ConnectWise ScreenConnect. The flaws, tracked as CVE-2024-1709 and CVE-2024-1708, allow for authentication bypass and path traversal. ConnectWise has released patches and urged immediate updates to version 23.9.8. Trend Micro has observed various cybercrime groups exploiting the vulnerabilities for malware delivery …

‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery

February 23, 2024 at 07:33AM ConnectWise’s ScreenConnect product faced a critical vulnerability, leading to widespread exploitation for ransomware and other malware. The company issued patches for an authentication bypass flaw and path traversal issue, now assigned CVE identifiers. Exploited flaws, dubbed SlashAndGrab, allowed unauthorized account creation and arbitrary code execution. Several malicious activities were reported, …

ScreenConnect servers hacked in LockBit ransomware attacks

February 22, 2024 at 01:35PM Attackers exploit a severe authentication bypass vulnerability to breach unpatched ScreenConnect servers, deploying LockBit ransomware. ConnectWise released security updates, including a patch for a high-severity path traversal flaw. Both bugs impact all ScreenConnect versions. CISA ordered U.S. federal agencies to secure servers within a week. Threat actors have deployed LockBit …

Exploiting the latest max-severity ConnectWise bug is ‘embarrassingly easy’

February 21, 2024 at 12:49PM A critical RCE vulnerability in ConnectWise’s ScreenConnect requires urgent patching due to its severity. The exploit allows an attacker to compromise user accounts and gain admin access, potentially leading to RMM tool attacks. The company has released patches, urging immediate updates due to the high risk of attacks. Limited threat …

ScreenConnect critical bug now under attack as exploit code emerges

February 21, 2024 at 12:19PM ConnectWise recently disclosed two vulnerabilities in its ScreenConnect software, leading to immediate exploitation by attackers. CISA assigned CVE-2024-1708 and CVE-2024-1709 identifiers to these security issues. ConnectWise advised updating servers to version 23.9.8 to mitigate risk, highlighting compromises to multiple ScreenConnect accounts. Cybersecurity company Huntress emphasized the ease of exploiting these …

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation

February 21, 2024 at 12:15PM ConnectWise responded to reports of hackers exploiting vulnerabilities in its ScreenConnect product. The company confirmed compromised accounts and emphasized the urgent need for businesses to upgrade to version 23.9.8 to prevent remote code execution. Security firms also highlighted the seriousness of the situation, prompting ConnectWise to urgently advise customers to …

ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool

February 20, 2024 at 12:27PM ConnectWise has urgently released patches for two critical security flaws in its ScreenConnect remote desktop access product, warning of high risk of exploitation. The most severe bug allows an “authentication bypass using an alternate path or channel,” scoring 10/10 in CVSS, while a second bug, an “improper limitation of a …