* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, July 23, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    AP Entertainment SummaryBrief at 1:51 p.m. EDT – Channel 3000

    Entertainment Highlights: Key Updates You Can’t Miss

    ‘Devil Wears Prada 2’ casts Anne Hathaway’s love interest replacing Adrian Grenier’s Nate – Entertainment Weekly

    Devil Wears Prada 2′ Casts New Love Interest for Anne Hathaway, Replacing Adrian Grenier’s Nate

    12 ‘Late Show’ Moments Proving Stephen Colbert Can’t Be Replaced – The Mountaineer

    12 Unforgettable ‘Late Show’ Moments That Prove Stephen Colbert Is Truly One of a Kind

    Canes owner Tom Dundon’s real estate firm eyes entertainment complex near RDU – The Business Journals

    Canes Owner Tom Dundon’s Real Estate Firm Unveils Plans for Thrilling New Entertainment Complex Near RDU

    Inspired Entertainment, Inc.’s (NASDAQ:INSE) Price Is Right But Growth Is Lacking After Shares Rocket 29% – simplywall.st

    Inspired Entertainment Soars 29% but Growth Momentum Falls Short

    Kroger shares summer entertainment tips – Supermarket Perimeter

    Ultimate Summer Entertainment Tips to Make Your Season Unforgettable

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Transformative technology, support for food entrepreneurs spotlighted – University of Hawaii System

    How Cutting-Edge Technology and Strong Support Are Revolutionizing Food Entrepreneurs’ Success

    Cold Weather Alloy Opens New Possibilities for Space Technology – Universe Today

    Revolutionary Cold Weather Alloy Unlocks New Frontiers in Space Technology

    Defence Holdings PLC Transitions from Esports to Pioneering Defence Technology

    Bull of the Day: Credo Technology Group (CRDO) – Yahoo Finance

    Bull of the Day: Why Credo Technology Group (CRDO) Is Poised for a Breakout

    BlackSky Technology Inc. Stock Analysis and Forecast – Explosive wealth accumulation – Jammu Links News

    BlackSky Technology Inc.: Unlocking Explosive Wealth Potential Through Expert Stock Analysis and Forecast

    Polypurine Hairpin Technology is Safe, Effective at Inhibiting PCSK9 to Regulate Cholesterol – Pharmacy Times

    Polypurine Hairpin Technology: A Safe and Powerful Breakthrough for Controlling Cholesterol by Targeting PCSK9

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    AP Entertainment SummaryBrief at 1:51 p.m. EDT – Channel 3000

    Entertainment Highlights: Key Updates You Can’t Miss

    ‘Devil Wears Prada 2’ casts Anne Hathaway’s love interest replacing Adrian Grenier’s Nate – Entertainment Weekly

    Devil Wears Prada 2′ Casts New Love Interest for Anne Hathaway, Replacing Adrian Grenier’s Nate

    12 ‘Late Show’ Moments Proving Stephen Colbert Can’t Be Replaced – The Mountaineer

    12 Unforgettable ‘Late Show’ Moments That Prove Stephen Colbert Is Truly One of a Kind

    Canes owner Tom Dundon’s real estate firm eyes entertainment complex near RDU – The Business Journals

    Canes Owner Tom Dundon’s Real Estate Firm Unveils Plans for Thrilling New Entertainment Complex Near RDU

    Inspired Entertainment, Inc.’s (NASDAQ:INSE) Price Is Right But Growth Is Lacking After Shares Rocket 29% – simplywall.st

    Inspired Entertainment Soars 29% but Growth Momentum Falls Short

    Kroger shares summer entertainment tips – Supermarket Perimeter

    Ultimate Summer Entertainment Tips to Make Your Season Unforgettable

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Transformative technology, support for food entrepreneurs spotlighted – University of Hawaii System

    How Cutting-Edge Technology and Strong Support Are Revolutionizing Food Entrepreneurs’ Success

    Cold Weather Alloy Opens New Possibilities for Space Technology – Universe Today

    Revolutionary Cold Weather Alloy Unlocks New Frontiers in Space Technology

    Defence Holdings PLC Transitions from Esports to Pioneering Defence Technology

    Bull of the Day: Credo Technology Group (CRDO) – Yahoo Finance

    Bull of the Day: Why Credo Technology Group (CRDO) Is Poised for a Breakout

    BlackSky Technology Inc. Stock Analysis and Forecast – Explosive wealth accumulation – Jammu Links News

    BlackSky Technology Inc.: Unlocking Explosive Wealth Potential Through Expert Stock Analysis and Forecast

    Polypurine Hairpin Technology is Safe, Effective at Inhibiting PCSK9 to Regulate Cholesterol – Pharmacy Times

    Polypurine Hairpin Technology: A Safe and Powerful Breakthrough for Controlling Cholesterol by Targeting PCSK9

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Cyber experts alarmed by ‘trivial’ ConnectWise vulns

February 25, 2024
in Technology
Cyber experts alarmed by ‘trivial’ ConnectWise vulns
Share on FacebookShare on Twitter

The disclosure of two dangerous vulnerabilities in the popular ConnectWise ScreenConnect product is drawing comparisons with major cyber incidents, including the 2021 Kaseya attack


Alex Scroxton

By

Alex Scroxton,
Security Editor

Published: 22 Feb 2024 18:22

A pair of newly disclosed vulnerabilities in a widely used remote desktop access application beloved of managed services providers (MSPs) is drawing comparisons to the July 2021 cyber attack on Kaseya, with security experts describing exploitation as trivial.

The product in question, ConnectWise ScreenConnect, is widely used by remote workers and IT support teams alike. The first vulnerability enables a threat actor to achieve authentication bypass using an alternate path or channel and is tracked as CVE-2024-1709. It carries a critical CVSS score of 10, and has already been added to CISA’s Known Exploited Vulnerabilities (KEV) catalogue. Thile the second is a path traversal issue, tracked as CVE-2024-1708, which carries a CVSS score of 8.4.

ConnectWise has released fixes for the issue, and says cloud partners are remediated against both already, while on-premises partners should immediately update to version 23.9.10.8817. More information, including indicators of compromise (IoCs) is available here.

ConnectWise confirmed it was aware of and investigating notifications of suspicious activity around the two vulnerabilities, and on 21 February confirmed observed, active exploitation after proof-of-concept exploit code hit GitHub.

“Anyone with ConnectWise ScreenConnect 23.9.8 should take immediate steps to patch these systems. If they cannot patch immediately, they should take steps to remove them from the internet until they can patch. Users should also check for any indications of possible compromise given the speed with which attacks have followed these patches,” said Sophos X-Ops director Christopher Budd.

“The pairing of an exploitable vulnerability with external remote services is a significant factor in real-world attacks, as evidenced in the Active adversary report for tech Leaders based on incident response cases. External remote services are the number one initial access technique; while exploiting a vulnerability was the second most common root cause, at 23%, it has been the most common root cause in the past.

“This real-world data shows how powerful this combination is for attackers and why in this significantly elevated threat environment, vulnerable ConnectWise customers need to take immediate action to protect themselves,” he added.

Following ConnectWise’s initial disclosure notice, researchers at Huntress Security worked overnight to tear down the vulnerability, understand how it worked, and recreate the exploit.

Hanslovan said that the initial disclosure had been very sparse on technical details, and for good reason, but following publication of the PoC exploit code, the cat was now well and truly out of the bag. He described exploitation as “embarrassingly easy”.

“I can’t sugercoat it, this s**t is bad,” said Kyle Hanslovan, Huntress CEO. “We’re talking upwards of ten thousand servers that control hundreds of thousands of endpoints…. The sheer prevalence of this software and the access afforded by this vulnerability signals we are on the cusp of a ransomware free-for-all. Hospitals, critical infrastructure, and state institutions are proven at risk.”

Comparisons with Kaseya

The 2021 Kaseya hit by the REvil ransomware crew was one of the first high-profile supply chain incidents to raise widespread awareness of the security issues surrounding managed services.

The attack, which unfolded in the US over the 4 July holiday weekend, when security teams were enjoying some downtime, saw over a thousand organisations compromised via Kaseya’s endpoint and network management service.

The 2023 MOVEit managed file transfer incident had a similar impact, enabling the Clop/Cl0p ransomware gang to spread downstream into a great many organisations who had contracted with MOVEit customers.

Hanslovan said that comparisons with both incidents were apt, given the huge number of MSPs who use ConnectWise.

“There’s a reckoning coming with dual-purpose software; like Huntress uncovered with MOVEit over the summer, the same seamless functionality it gives to IT teams, it also gives to hackers,” he said.

“With remote access software, the bad guys can push ransomware as easily as the good guys can push a patch. And once they start pushing their data encryptors, I’d be willing to bet 90% of preventative security software won’t catch it because it’s coming from a trusted source.”

Read more on Hackers and cybercrime prevention


ConnectWise users see cyber attacks surge, including ransomware

AlexScroxton

By: Alex Scroxton


ConnectWise ScreenConnect flaws under attack, patch now

AlexanderCulafi

By: Alexander Culafi


MSP software landscape shifts amid consolidation, new tools

JohnMoore

By: John Moore


How Dutch hackers are working to make the internet safe

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366571077/Cyber-experts-alarmed-by-trivial-ConnectWise-vulns

Tags: CyberExpertstechnology
Previous Post

bill-steve-belichick

Next Post

CIO interview: Craig Donald, CIO, The Football Association

Women’s Gymnastics All Sports Schedule 2025 – Mountain West Conference

2025 Women’s Gymnastics Schedule: Exciting Matchups in the Mountain West Conference

July 23, 2025
Fyodor Konyukhov sets off on an ecological expedition across three oceans – realnoevremya.com

Fyodor Konyukhov sets off on an ecological expedition across three oceans – realnoevremya.com

July 22, 2025
‘A disaster for all of us’: US scientists describe impact of Trump cuts – theguardian.com

A Disaster for All of Us’: How Trump’s Cuts Devastated US Science

July 22, 2025
Lycoming College launches new data science academic program – NorthcentralPA.com

Lycoming College Launches Exciting New Data Science Program

July 22, 2025
Lifestyle startup Escape Plan raises $5 million to launch over 100 offline stores across India – Indian Startup News

Lifestyle Startup Escape Plan Raises $5 Million to Launch Over 100 Offline Stores Across India

July 22, 2025
Kauffman Foundation launches new executive role to lead its Real World Learning team – Startland News

Kauffman Foundation Launches Dynamic New Executive Role to Propel Real-World Learning Initiatives

July 22, 2025
Economic Planning Shouldn’t Be a Swear Word – Jacobin

Why It’s Time to Give Economic Planning Another Shot

July 22, 2025
AP Entertainment SummaryBrief at 1:51 p.m. EDT – Channel 3000

Entertainment Highlights: Key Updates You Can’t Miss

July 22, 2025
Department of Labor changes home health care, migrant farm worker rules – WBUR

Department of Labor changes home health care, migrant farm worker rules – WBUR

July 22, 2025
Band’s set nixed over ‘politics and propaganda’ concerns in Luzerne County – WNEP

Band’s set nixed over ‘politics and propaganda’ concerns in Luzerne County – WNEP

July 22, 2025

Categories

Archives

July 2025
MTWTFSS
 123456
78910111213
14151617181920
21222324252627
28293031 
« Jun    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (734)
  • Economy (757)
  • Entertainment (21,641)
  • General (16,046)
  • Health (9,795)
  • Lifestyle (765)
  • News (22,149)
  • People (759)
  • Politics (766)
  • Science (15,974)
  • Sports (21,255)
  • Technology (15,739)
  • World (740)

Recent News

Women’s Gymnastics All Sports Schedule 2025 – Mountain West Conference

2025 Women’s Gymnastics Schedule: Exciting Matchups in the Mountain West Conference

July 23, 2025
Fyodor Konyukhov sets off on an ecological expedition across three oceans – realnoevremya.com

Fyodor Konyukhov sets off on an ecological expedition across three oceans – realnoevremya.com

July 22, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version