* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, July 2, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Nantucket Dance Festival opens July 8 – The Inquirer and Mirror

    Nantucket Dance Festival Launches with Thrilling Performances Beginning July 8

    A Secret Society, Ritualistic Killings, and a Century-Old Curse Netflix and YRF Entertainment’s ‘Mandala Murders’ Premieres July 25 – About Netflix

    A Secret Society, Ritualistic Killings, and a Century-Old Curse: Dive into the Chilling World of ‘Mandala Murders’ Premiering July 25

    Susquehanna Raises Penn Entertainment Inc. (PENN) Price Target. – Yahoo Finance

    Susquehanna Raises Price Target for Penn Entertainment Inc. (PENN)

    George Lopez is coming to Spokane – KXLY.com

    George Lopez is coming to Spokane – KXLY.com

    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Meiwu Technology Company Limited and Shenzhen Zhinuo – GlobeNewswire

    Meiwu Technology Company Limited and Shenzhen Zhinuo – GlobeNewswire

    Owls inspire new revolutionary noise reduction technology – KTEN

    Owls inspire new revolutionary noise reduction technology – KTEN

    New center coming to Mizzou will focus on energy research and technology – Columbia Missourian

    Mizzou Launches Innovative New Center Dedicated to Energy Research and Technology

    Mirrors in space and underwater curtains: can technology buy us enough time to save the Arctic ice caps? – The Guardian

    Can Technology Like Space Mirrors and Underwater Curtains Buy Us Time to Save the Arctic Ice Caps?

    Naples restaurant owner prepares for hurricane season with new flood technology – Fox4Now.com

    Naples restaurant owner prepares for hurricane season with new flood technology – Fox4Now.com

    Emerging Memory and Storage Technology Market Analysis Report 2025-2034 | AI and HPC Boom Fuels Surging Demand for Fast, Low-Power Memory Devices – Yahoo Finance

    How AI and HPC Are Driving Explosive Growth in Fast, Low-Power Memory Technologies Through 2034

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Nantucket Dance Festival opens July 8 – The Inquirer and Mirror

    Nantucket Dance Festival Launches with Thrilling Performances Beginning July 8

    A Secret Society, Ritualistic Killings, and a Century-Old Curse Netflix and YRF Entertainment’s ‘Mandala Murders’ Premieres July 25 – About Netflix

    A Secret Society, Ritualistic Killings, and a Century-Old Curse: Dive into the Chilling World of ‘Mandala Murders’ Premiering July 25

    Susquehanna Raises Penn Entertainment Inc. (PENN) Price Target. – Yahoo Finance

    Susquehanna Raises Price Target for Penn Entertainment Inc. (PENN)

    George Lopez is coming to Spokane – KXLY.com

    George Lopez is coming to Spokane – KXLY.com

    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Meiwu Technology Company Limited and Shenzhen Zhinuo – GlobeNewswire

    Meiwu Technology Company Limited and Shenzhen Zhinuo – GlobeNewswire

    Owls inspire new revolutionary noise reduction technology – KTEN

    Owls inspire new revolutionary noise reduction technology – KTEN

    New center coming to Mizzou will focus on energy research and technology – Columbia Missourian

    Mizzou Launches Innovative New Center Dedicated to Energy Research and Technology

    Mirrors in space and underwater curtains: can technology buy us enough time to save the Arctic ice caps? – The Guardian

    Can Technology Like Space Mirrors and Underwater Curtains Buy Us Time to Save the Arctic Ice Caps?

    Naples restaurant owner prepares for hurricane season with new flood technology – Fox4Now.com

    Naples restaurant owner prepares for hurricane season with new flood technology – Fox4Now.com

    Emerging Memory and Storage Technology Market Analysis Report 2025-2034 | AI and HPC Boom Fuels Surging Demand for Fast, Low-Power Memory Devices – Yahoo Finance

    How AI and HPC Are Driving Explosive Growth in Fast, Low-Power Memory Technologies Through 2034

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Cyber experts alarmed by ‘trivial’ ConnectWise vulns

February 25, 2024
in Technology
Cyber experts alarmed by ‘trivial’ ConnectWise vulns
Share on FacebookShare on Twitter

The disclosure of two dangerous vulnerabilities in the popular ConnectWise ScreenConnect product is drawing comparisons with major cyber incidents, including the 2021 Kaseya attack


Alex Scroxton

By

Alex Scroxton,
Security Editor

Published: 22 Feb 2024 18:22

A pair of newly disclosed vulnerabilities in a widely used remote desktop access application beloved of managed services providers (MSPs) is drawing comparisons to the July 2021 cyber attack on Kaseya, with security experts describing exploitation as trivial.

The product in question, ConnectWise ScreenConnect, is widely used by remote workers and IT support teams alike. The first vulnerability enables a threat actor to achieve authentication bypass using an alternate path or channel and is tracked as CVE-2024-1709. It carries a critical CVSS score of 10, and has already been added to CISA’s Known Exploited Vulnerabilities (KEV) catalogue. Thile the second is a path traversal issue, tracked as CVE-2024-1708, which carries a CVSS score of 8.4.

ConnectWise has released fixes for the issue, and says cloud partners are remediated against both already, while on-premises partners should immediately update to version 23.9.10.8817. More information, including indicators of compromise (IoCs) is available here.

ConnectWise confirmed it was aware of and investigating notifications of suspicious activity around the two vulnerabilities, and on 21 February confirmed observed, active exploitation after proof-of-concept exploit code hit GitHub.

“Anyone with ConnectWise ScreenConnect 23.9.8 should take immediate steps to patch these systems. If they cannot patch immediately, they should take steps to remove them from the internet until they can patch. Users should also check for any indications of possible compromise given the speed with which attacks have followed these patches,” said Sophos X-Ops director Christopher Budd.

“The pairing of an exploitable vulnerability with external remote services is a significant factor in real-world attacks, as evidenced in the Active adversary report for tech Leaders based on incident response cases. External remote services are the number one initial access technique; while exploiting a vulnerability was the second most common root cause, at 23%, it has been the most common root cause in the past.

“This real-world data shows how powerful this combination is for attackers and why in this significantly elevated threat environment, vulnerable ConnectWise customers need to take immediate action to protect themselves,” he added.

Following ConnectWise’s initial disclosure notice, researchers at Huntress Security worked overnight to tear down the vulnerability, understand how it worked, and recreate the exploit.

Hanslovan said that the initial disclosure had been very sparse on technical details, and for good reason, but following publication of the PoC exploit code, the cat was now well and truly out of the bag. He described exploitation as “embarrassingly easy”.

“I can’t sugercoat it, this s**t is bad,” said Kyle Hanslovan, Huntress CEO. “We’re talking upwards of ten thousand servers that control hundreds of thousands of endpoints…. The sheer prevalence of this software and the access afforded by this vulnerability signals we are on the cusp of a ransomware free-for-all. Hospitals, critical infrastructure, and state institutions are proven at risk.”

Comparisons with Kaseya

The 2021 Kaseya hit by the REvil ransomware crew was one of the first high-profile supply chain incidents to raise widespread awareness of the security issues surrounding managed services.

The attack, which unfolded in the US over the 4 July holiday weekend, when security teams were enjoying some downtime, saw over a thousand organisations compromised via Kaseya’s endpoint and network management service.

The 2023 MOVEit managed file transfer incident had a similar impact, enabling the Clop/Cl0p ransomware gang to spread downstream into a great many organisations who had contracted with MOVEit customers.

Hanslovan said that comparisons with both incidents were apt, given the huge number of MSPs who use ConnectWise.

“There’s a reckoning coming with dual-purpose software; like Huntress uncovered with MOVEit over the summer, the same seamless functionality it gives to IT teams, it also gives to hackers,” he said.

“With remote access software, the bad guys can push ransomware as easily as the good guys can push a patch. And once they start pushing their data encryptors, I’d be willing to bet 90% of preventative security software won’t catch it because it’s coming from a trusted source.”

Read more on Hackers and cybercrime prevention


ConnectWise users see cyber attacks surge, including ransomware

AlexScroxton

By: Alex Scroxton


ConnectWise ScreenConnect flaws under attack, patch now

AlexanderCulafi

By: Alexander Culafi


MSP software landscape shifts amid consolidation, new tools

JohnMoore

By: John Moore


How Dutch hackers are working to make the internet safe

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366571077/Cyber-experts-alarmed-by-trivial-ConnectWise-vulns

Tags: CyberExpertstechnology
Previous Post

bill-steve-belichick

Next Post

CIO interview: Craig Donald, CIO, The Football Association

Late Paleolithic whale bone tools reveal human and whale ecology in the Bay of Biscay – Nature

Ancient Whale Bone Tools Reveal Secrets of Human and Whale Life in the Bay of Biscay

July 2, 2025
Exploring three theories of consciousness. – Psychology Today

Unveiling the Mysteries: Exploring Three Fascinating Theories of Consciousness

July 2, 2025
MIT student wins first-ever Stephen Hawking Junior Medal for Science Communication – MIT News

MIT student wins first-ever Stephen Hawking Junior Medal for Science Communication – MIT News

July 2, 2025
Here’s what your morning routine really says about you – New York Post

What Your Morning Routine Says About Who You Really Are

July 2, 2025
David Muir, Diane Sawyer, Charlie Gibson honor ‘World News Tonight’ stage manager – MSN

David Muir, Diane Sawyer, Charlie Gibson honor ‘World News Tonight’ stage manager – MSN

July 2, 2025
Amid Russian economy warnings, Lavrov says NATO’s increased defense spending will lead to ‘collapse’ of alliance – The Kyiv Independent

Lavrov Warns Soaring NATO Defense Budgets May Spark Alliance Collapse

July 2, 2025
Column: The new book ‘Sick and Dirty’ examines the not-so-hidden queerness of classic Hollywood – Yahoo

Uncovering the Bold Queerness of Classic Hollywood in the New Book ‘Sick and Dirty

July 2, 2025

In Good Health: Vaccines, Menopause, And Cardiovascular Disease : 1A – NPR

July 2, 2025
Bush and Obama fault Trump’s gutting of USAID on agency’s last day – CNN

Bush and Obama fault Trump’s gutting of USAID on agency’s last day – CNN

July 2, 2025
Meiwu Technology Company Limited and Shenzhen Zhinuo – GlobeNewswire

Meiwu Technology Company Limited and Shenzhen Zhinuo – GlobeNewswire

July 2, 2025

Categories

Archives

July 2025
MTWTFSS
 123456
78910111213
14151617181920
21222324252627
28293031 
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (702)
  • Economy (727)
  • Entertainment (21,615)
  • General (15,668)
  • Health (9,766)
  • Lifestyle (732)
  • News (22,149)
  • People (728)
  • Politics (734)
  • Science (15,945)
  • Sports (21,224)
  • Technology (15,711)
  • World (708)

Recent News

Late Paleolithic whale bone tools reveal human and whale ecology in the Bay of Biscay – Nature

Ancient Whale Bone Tools Reveal Secrets of Human and Whale Life in the Bay of Biscay

July 2, 2025
Exploring three theories of consciousness. – Psychology Today

Unveiling the Mysteries: Exploring Three Fascinating Theories of Consciousness

July 2, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version