February 21, 2024 at 12:15PM ConnectWise responded to reports of hackers exploiting vulnerabilities in its ScreenConnect product. The company confirmed compromised accounts and emphasized the urgent need for businesses to upgrade to version 23.9.8 to prevent remote code execution. Security firms also highlighted the seriousness of the situation, prompting ConnectWise to urgently advise customers to … Read more
February 20, 2024 at 12:27PM ConnectWise has urgently released patches for two critical security flaws in its ScreenConnect remote desktop access product, warning of high risk of exploitation. The most severe bug allows an “authentication bypass using an alternate path or channel,” scoring 10/10 in CVSS, while a second bug, an “improper limitation of a … Read more
February 20, 2024 at 11:52AM ConnectWise issued a warning to immediately patch ScreenConnect servers due to high-severity flaws that can lead to remote code execution attacks. There is no evidence of exploitation, but urgency is stressed for on-premise partners. Huntress security researchers already created a bypass proof-of-concept exploit. CISA, NSA, and MS-ISAC have issued a … Read more
February 20, 2024 at 06:27AM ConnectWise released software updates to fix critical security flaws in its ScreenConnect remote desktop and access software. The vulnerabilities could enable remote code execution and impact confidential data or critical systems. Users of affected versions are urged to update to version 23.9.8 to mitigate the risk of exploitation. Key Takeaways … Read more
November 10, 2023 at 02:59PM Hackers have been targeting healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. The attacks involve installing additional remote access tools to ensure persistent access to the environments. The attacks were observed between October 28 and November 8, 2023, and the same actor is behind all incidents. … Read more