Close Menu
TechBrunchTechBrunch
  • Home
  • AI
  • Apps
  • Crypto
  • Security
  • Startups
  • TechCrunch
  • Venture

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

What's Hot

Ransomware Gang Hunter International says it's shut down

July 3, 2025

Everything you need to know about Flash, Blueski-based Instagram alternatives

July 3, 2025

Substack brings new updates to live streaming as it increases video push

July 2, 2025
Facebook X (Twitter) Instagram
TechBrunchTechBrunch
  • Home
  • AI

    OpenAI seeks to extend human lifespans with the help of longevity startups

    January 17, 2025

    Farewell to the $200 million woolly mammoth and TikTok

    January 17, 2025

    Nord Security founder launches Nexos.ai to help enterprises move AI projects from pilot to production

    January 17, 2025

    Data proves it remains difficult for startups to raise capital, even though VCs invested $75 billion in the fourth quarter

    January 16, 2025

    Apple suspends AI notification summaries for news after generating false alerts

    January 16, 2025
  • Apps

    Everything you need to know about Flash, Blueski-based Instagram alternatives

    July 3, 2025

    Substack brings new updates to live streaming as it increases video push

    July 2, 2025

    Amazon shuts down the Freevee app in August

    July 2, 2025

    A guide to using editing, Meta's new Capcut Rival for Short-Form video editing

    July 2, 2025

    The best iPad apps to increase productivity and make your life easier

    July 1, 2025
  • Crypto

    Vitalik Buterin reserves for Sam Altman's global project

    June 28, 2025

    Calci will close a $185 million round as rival Polymeruk reportedly seeks $200 million

    June 25, 2025

    Stablecoin Evangelist: Katie Haun's Battle of Digital Dollars

    June 22, 2025

    Hackers steal and destroy millions of Iran's biggest crypto exchanges

    June 18, 2025

    Unique, a new social media app

    June 17, 2025
  • Security

    Ransomware Gang Hunter International says it's shut down

    July 3, 2025

    India's biggest finance says hackers have accessed customer data from insurance units

    July 2, 2025

    Data breaches reveal that Catwatchful's “Stalkerware” is spying on thousands of phones

    July 2, 2025

    Hacking, Leaking, Exposure: Do not use stalkerware apps

    July 2, 2025

    Qantas Hacks lead to theft of personal data for 6 million passengers

    July 2, 2025
  • Startups

    7 days left: Founders and VCs save over $300 on all stage passes

    March 24, 2025

    AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

    March 24, 2025

    20 Hottest Open Source Startups of 2024

    March 22, 2025

    Andrill may build a weapons factory in the UK

    March 21, 2025

    Startup Weekly: Wiz bets paid off at M&A Rich Week

    March 21, 2025
  • TechCrunch

    OpenSea takes a long-term view with a focus on UX despite NFT sales remaining low

    February 8, 2024

    AI will save software companies' growth dreams

    February 8, 2024

    B2B and B2C are not about who buys, but how you sell

    February 5, 2024

    It's time for venture capital to break away from fast fashion

    February 3, 2024

    a16z's Chris Dixon believes it's time to focus on blockchain use cases rather than speculation

    February 2, 2024
  • Venture

    It's on track to raise $150 million at a $2 billion valuation

    July 2, 2025

    Jon McNeill brings the operator playbook to every stage

    July 1, 2025

    Figma approaches a smash hit IPO that can raise $1.5 billion

    July 1, 2025

    Catalio Capital closes fund IV over $400 million

    July 1, 2025

    Kleida Martiro leads the conversation on AI scale at TC All Stage

    July 1, 2025
TechBrunchTechBrunch

Researchers say exploitable security bug in ConnectWise remote access software is under massive attack

TechBrunchBy TechBrunchFebruary 26, 20243 Mins Read
Facebook Twitter Pinterest Telegram LinkedIn Tumblr WhatsApp Email
Share
Facebook Twitter LinkedIn Pinterest Telegram Email


Two easily exploitable flaws in a popular remote access tool used by more than 1 million companies around the world are currently in mass exploitation, with hackers exploiting them to improve security, security researchers say. It is said to be deploying ransomware and stealing sensitive data.

Cybersecurity giant Mandiant said in a post Friday that it has “confirmed mass exploitation” of two flaws in ConnectWise ScreenConnect, a popular remote access tool that allows IT departments and technicians to remotely provide technical support directly to customer systems over the Internet. ” he posted.

The two vulnerabilities are CVE-2024-1709, an authentication bypass vulnerability that researchers determined would be “embarrassingly easy” for attackers to exploit, and CVE-2024-1709, an authentication bypass vulnerability that researchers determined was “embarrassingly easy” for attackers to exploit. consists of CVE-2024-1708, a path traversal vulnerability that allows remote execution of the attack. , on vulnerable ConnectWise customer instances.

ConnectWise first disclosed the flaw on February 19th and urged on-premises customers to install the security patch immediately. However, thousands of servers remain vulnerable and According to data from Shadowserver Foundationeach of these servers can manage up to 150,000 customer devices.

Mandiant said it had identified “a variety of threat actors” exploiting the two flaws, and warned that “many of them will deploy ransomware and carry out multifaceted extortion,” but the attack was not specific. threat group.

Finnish cybersecurity company WithSecure said in a blog post on Monday that its researchers also observed “collective exploitation” of the ScreenConnect flaw by multiple attackers. According to WithSecure, these hackers are exploiting the vulnerabilities to steal passwords, backdoors, and even deploy ransomware.

WithSecure said it has also observed hackers exploiting this flaw to introduce a Windows variant of the KrustyLoader backdoor onto unpatched ScreenConnect systems. This is the same type of backdoor that was recently installed by hackers exploiting vulnerabilities in Ivanti's corporate VPN software. WithSecure said the activity has not yet been attributed to a specific threat group, but some have linked past activity to a Chinese-backed hacker group focused on espionage.

Security researchers from Sophos and Huntress announced last week that they observed the LockBit ransomware group launching an attack that exploited a vulnerability in ConnectWise — claiming to disrupt the operations of a notorious Russia-linked cybercrime group. This comes days after an international law enforcement operation.

Huntress said in its analysis that “numerous attackers” subsequently used the exploit to deploy ransomware, and “a significant number” of attackers used the exploit to deploy cryptocurrency mining software. He said he observed them installing additional “legitimate” remote access tools to maintain persistent access. It attacks the victim's network and creates new users on the compromised machine.

The number of ConnectWise ScreenConnect customers or end users affected by these vulnerabilities is not yet known, and a ConnectWise spokesperson did not respond to TechCrunch's questions. According to his website, the organization provides remote access technology to more than 1 million of his small businesses that manage more than 13 million devices.

ConnectWise on Sunday canceled a pre-scheduled interview with TechCrunch and CISO Patrick Beggs scheduled for Monday. Connectwise did not disclose the reason for the last-minute cancellation.


Are you affected by the ConnectWise vulnerability? You can contact Carly Page securely via Signal at +441536 853968 or by email at carly.page@techcrunch.com. You can also contact TechCrunch via SecureDrop.





Source link

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Ransomware Gang Hunter International says it's shut down

July 3, 2025

India's biggest finance says hackers have accessed customer data from insurance units

July 2, 2025

Data breaches reveal that Catwatchful's “Stalkerware” is spying on thousands of phones

July 2, 2025

Hacking, Leaking, Exposure: Do not use stalkerware apps

July 2, 2025

Qantas Hacks lead to theft of personal data for 6 million passengers

July 2, 2025

Ice Block is an app for anonymously reporting ice sightings and becomes a virus overnight after Bondi criticism

July 1, 2025

Leave A Reply Cancel Reply

Top Reviews
Editors Picks

7 days left: Founders and VCs save over $300 on all stage passes

March 24, 2025

AI chip startup Furiosaai reportedly rejecting $800 million acquisition offer from Meta

March 24, 2025

20 Hottest Open Source Startups of 2024

March 22, 2025

Andrill may build a weapons factory in the UK

March 21, 2025
About Us
About Us

Welcome to Tech Brunch, your go-to destination for cutting-edge insights, news, and analysis in the fields of Artificial Intelligence (AI), Cryptocurrency, Technology, and Startups. At Tech Brunch, we are passionate about exploring the latest trends, innovations, and developments shaping the future of these dynamic industries.

Our Picks

Ransomware Gang Hunter International says it's shut down

July 3, 2025

Everything you need to know about Flash, Blueski-based Instagram alternatives

July 3, 2025

Substack brings new updates to live streaming as it increases video push

July 2, 2025

Subscribe to Updates

Subscribe to our newsletter and never miss our latest news

Subscribe my Newsletter for New Posts & tips Let's stay updated!

© 2025 TechBrunch. Designed by TechBrunch.
  • Home
  • About Tech Brunch
  • Advertise with Tech Brunch
  • Contact us
  • DMCA Notice
  • Privacy Policy
  • Terms of Use

Type above and press Enter to search. Press Esc to cancel.