Researchers warn high-risk ConnectWise flaw under attack is ’embarrassingly easy’ to exploit
Reading Time: 2 minutesSecurity experts are warning that a high-risk vulnerability in a widely used remote access tool is ‘trivial and embarrassingly easy’ to exploit, as the software’s developer confirms malicious hackers are actively exploiting the flaw.
The maximum severity-rated vulnerability affects ConnectWise ScreenConnect (formerly ConnectWise Control), a popular remote access software that allows managed IT providers and technicians to provide real-time remote technical support on customer systems.
The flaw is described as an authentication bypass vulnerability that could allow an attacker to remotely steal confidential data from vulnerable servers or deploy malicious code, such as malware. The vulnerability was first reported to ConnectWise on February 13, and the company publicly disclosed details of the bug in a security advisory published on February 19.
ConnectWise initially said there was no indication of public exploitation, but noted in an update on Tuesday that ConnectWise confirmed it has ‘received updates of compromised accounts that our incident response team have been able to investigate and confirm.’
The company also shared three IP addresses which it says ‘were recently used by threat actors.’
When asked if ConnectWise is aware of any data exfiltration or whether it has the means to detect if any data was accessed, Lee said ‘there has been no data exfiltration reported to us.’
Florida-based ConnectWise provides its remote access technology to more than a million small to medium-sized businesses, its website says.
‘We are seeing adversaries already deploy Cobalt Strike beacons and even install a ScreenConnect client onto the affected server itself,’ said Hammond, referring to the popular exploitation framework Cobalt Strike, used both by security researchers for testing and abused by malicious hackers to break into networks. ‘We can expect more of these compromises in the very near future.’
Huntress CEO Kyle Hanslovan added that Huntress’ own customer telemetry shows visibility into more than 1,600 vulnerable servers.
Hanslovan added that due to the ‘sheer prevalence of this software and the access afforded by this vulnerability signals we are on the cusp of a ransomware free-for-all.’
Earlier this year, U.S. government agencies CISA and the National Security Agency warned that they had observed a ‘widespread cyber campaign involving the malicious use of legitimate remote monitoring and management (RMM) software’ — including ConnectWise SecureConnect — to target multiple federal civilian executive branch agencies.
The U.S. agencies also observed hackers abusing remote access software from AnyDesk, which was earlier this month forced to reset passwords and revoke certificates after finding evidence of compromised production systems.
Ref: techcrunch
MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG