ConnectWise News Articles
Recent news articles refferecing the vendors vulnerabilities.
Security IntelligenceRemote access risks on the rise with CVE-2024-1708 and CVE-2024-1709
ConnectWise recently reported two vulnerabilities in its ScreenConnect product, allowing threat actors to bypass authentication and execute remote code.
8 months ago
CISA urges software devs to weed out path traversal vulnerabilities
CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping.
8 months ago
Chinese government hacker exploiting ScreenConnect, F5 bugs to attack defense and government entities
A hacker allegedly connected to the People's Republic of China (PRC) has been exploiting two popular vulnerabilities to attack U.S. defense contractors, U.K. government entities and institutions in Asia.
9 months ago
www.secureworks.comWidespread Exploitation of ConnectWise ScreenConnect Server Vulnerabilities
On February 19, 2024, ConnectWise released a security bulletin detailing the following two vulnerabilities in the self-hosted ScreenConnect server. Both vulnerabilities were reported to ConnectWise on...
9 months ago
Remediation and Hardening Guide for ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) | Mandiant
On Feb. 19, 2024, ConnectWise announced two vulnerabilities for their ScreenConnect product affecting (on-premises) versions 23.9.7 and earlier:CVE-2024-1708 – Authentication Bypass Vulnerability...
10 months ago
Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.
10 months ago
TechRepublicNew Vulnerabilities in ConnectWise ScreenConnect Massively Exploited by Attackers
One vulnerability impacting ConnectWise ScreenConnect that allows remote attackers to bypass authentication to create admin accounts is being used in the wild.
10 months ago
Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry.
10 months ago
OODA Loop - IntelligenceCVE-2024-1709ScreenConnect Flaws Exploited to Deliver All Kinds of Malware (CVE-2024-1709, CVE-2024-1708)
ConnectWise ScreenConnect is a remote desktop solution consisting of server and client elements (applications). This makes it a popular solution for offering technical assistance or for remotely managing data centers. However, this is also what makes it a popular solution for attackers, who exploit ...
10 months ago
'SlashAndGrab' ScreenConnect Vulnerability Widely Exploited for Malware Delivery
ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware.
10 months ago
ConnectWise ScreenConnect attacks deliver malware
Sophos X-Ops is tracking a developing wave of vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations. This page provides advice and guidance for customers, researchers,...
10 months ago
CyberSecurityNewsScreenConnect Security Flaw Exploited In The Wild By Attackers
The ScreenConnect software is a popular choice for remote access among organizations worldwide. However, recent vulnerabilities have raised
10 months ago
ConnectWise ScreenConnect flaws under attack, patch now | TechTarget
ConnectWise said Feb. 20 that two critical vulnerabilities in its ScreenConnect remote access software were under exploitation by threat actors.
10 months ago
ScreenConnect servers hacked in LockBit ransomware attacks
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.
10 months ago
New ScreenConnect RCE flaw exploited in ransomware attacks
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.
10 months ago
Help Net SecurityAttackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) - Help Net Security
2 ScreenConnect vulnerabilities ConnectWise has urged customers to patch now have CVE numbers: CVE-2024-1709 and CVE-2024-1708.
10 months ago
Unit 42Threat Brief: ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709)
CVE-2024-1708 and CVE-2024-1709 affect ConnectWise remote desktop application ScreenConnect. This Threat Brief covers attack scope and includes our telemetry.
10 months ago
ConnectWise exploit could spur ‘ransomware free-for-all,’ expert warns
Thousands of ScreenConnect servers are at risk of takeover from a CVSS 10-scored vulnerability.
10 months ago