Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

April 17, 2024 at 07:12AM Cybersecurity researchers have uncovered a new campaign exploiting a vulnerability in Fortinet FortiClient EMS devices, allowing unauthorized code execution. The campaign, tracked by Forescout as Connect:fun, utilizes ScreenConnect and Metasploit Powerfun. Organizations are urged to patch the CVE-2023-48788 vulnerability, monitor for suspicious activity, and use a web application firewall for …

North Korea Hits ScreenConnect Bugs to Drop ‘ToddleShark’ Malware

March 5, 2024 at 03:02PM North Korean hackers exploit ConnectWise’s ScreenConnect software vulnerability with ToddleShark malware. Kimsuky, a DPRK-based APT, targets organizations using the CVE-2024-1709 bug. ToddleShark gathers system info and sends it to attacker-controlled servers via encrypted channels. It evades detection through randomization and junk code. Organizations are urged to patch their systems promptly. …

ScreenConnect flaws exploited to drop new ToddlerShark malware

March 5, 2024 at 09:39AM North Korean APT group Kimsuky exploits ScreenConnect flaws CVE-2024-1708 and CVE-2024-1709 to spread new malware variant ToddlerShark. The group uses legitimate Microsoft binaries, registry modifications, and scheduled tasks for persistent access and data exfiltration. ToddlerShark, a polymorphic malware, exhibits evasion techniques, making detection and analysis challenging. Kroll plans to share …

ScreenConnect flaws exploited to drop new ToddleShark malware

March 4, 2024 at 05:44PM North Korean APT group Kimsuky is exploiting ScreenConnect vulnerabilities CVE-2024-1708 and CVE-2024-1709 to distribute the new ToddleShark malware. This polymorphic variant aims for long-term espionage, using legitimate Microsoft tools and scheduled tasks for persistent access. Kroll’s upcoming report will share further details and indicators of compromise for ToddleShark. From the …

Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws

February 27, 2024 at 11:27AM Multiple threat actors are exploiting two recently resolved vulnerabilities in ConnectWise ScreenConnect. The flaws, tracked as CVE-2024-1709 and CVE-2024-1708, allow for authentication bypass and path traversal. ConnectWise has released patches and urged immediate updates to version 23.9.8. Trend Micro has observed various cybercrime groups exploiting the vulnerabilities for malware delivery …

‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery

February 23, 2024 at 07:33AM ConnectWise’s ScreenConnect product faced a critical vulnerability, leading to widespread exploitation for ransomware and other malware. The company issued patches for an authentication bypass flaw and path traversal issue, now assigned CVE identifiers. Exploited flaws, dubbed SlashAndGrab, allowed unauthorized account creation and arbitrary code execution. Several malicious activities were reported, …

New ScreenConnect RCE flaw exploited in ransomware attacks

February 23, 2024 at 07:15AM Sophos reported that recent ransomware attacks used the leaked LockBit ransomware builder, dropped on 30 customer networks and created by a different threat actor. The attacks exploit an authentication bypass vulnerability in unpatched ScreenConnect servers, prompting CISA to issue a security directive. Despite a law enforcement operation, LockBit attacks continue …

ScreenConnect servers hacked in LockBit ransomware attacks

February 22, 2024 at 01:35PM Attackers exploit a severe authentication bypass vulnerability to breach unpatched ScreenConnect servers, deploying LockBit ransomware. ConnectWise released security updates, including a patch for a high-severity path traversal flaw. Both bugs impact all ScreenConnect versions. CISA ordered U.S. federal agencies to secure servers within a week. Threat actors have deployed LockBit …

Exploiting the latest max-severity ConnectWise bug is ‘embarrassingly easy’

February 21, 2024 at 12:49PM A critical RCE vulnerability in ConnectWise’s ScreenConnect requires urgent patching due to its severity. The exploit allows an attacker to compromise user accounts and gain admin access, potentially leading to RMM tool attacks. The company has released patches, urging immediate updates due to the high risk of attacks. Limited threat …

ScreenConnect critical bug now under attack as exploit code emerges

February 21, 2024 at 12:19PM ConnectWise recently disclosed two vulnerabilities in its ScreenConnect software, leading to immediate exploitation by attackers. CISA assigned CVE-2024-1708 and CVE-2024-1709 identifiers to these security issues. ConnectWise advised updating servers to version 23.9.8 to mitigate risk, highlighting compromises to multiple ScreenConnect accounts. Cybersecurity company Huntress emphasized the ease of exploiting these …