1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • ConnectWise software found to have severe security vulnerabilitie

    From TechnologyDaily@1337:1/100 to All on Thu Jan 11 16:15:04 2024
    ConnectWise software found to have severe security vulnerabilities, so be on your guard

    Date:
    Thu, 11 Jan 2024 16:04:54 +0000

    Description:
    Researchers found a zero-day in ConnectWise that could be used to gain access to vulnerable devices.

    FULL STORY ======================================================================

    ConnectWise ScreenConnect has been found to carry a high severity zero-day vulnerability which allows threat actors to mount devastating attacks against endpoints .

    The flaw was detected and reported to ConnectWise by cybersecurity
    researchers from Gotham Security.

    If the vulnerabilities were left unaddressed, bad actors would have been able to gain access to all workstations and servers with ScreenConnect from a
    local network and then escalate their privileges to be local administrators
    on the affected systems, the researchers explained, suggesting that no threat actors managed to exploit the flaw in the wild. Remote access tools under assault

    ScreenConnect is a cloud-based operations management solution that allows technicians to perform remote support, gain remote access and run remote meetings. Essentially, its a remote access tool used, according to Gotham Security, by tens of thousands of enterprise customers.

    Remote access tools are often a target by cybercriminals who use it to gain
    an initial foothold into the victims network and deploy more dangerous malware.

    In mid-November 2023, cybersecurity researchers from Huntress warned that attacks using TDS instance of ScreenConnect were about to escalate, mostly against healthcare organizations in the US. The researchers said hackers somehow obtained access to these instances and were using them to drop
    malware to endpoints belonging to two distinct organizations: one in the pharmaceutical sector and the other in healthcare. The only thing they have
    in common, the researchers stressed, is the ScreenConnect instance, as both endpoints are a Windows Server 2019 system.

    In April last year, researchers observed hackers using Action1 RMM, an otherwise benign remote desktop monitoring and management solution, in their campaigns.

    Just as any other remote management tool out there, Action1 is used by
    managed service providers (MSPs) and other IT teams to manage endpoints in a network from a remote location. They can use it to handle software patches, software installation, troubleshooting, and similar.

    After it was made aware of the vulnerability, ConnectWise released a patch, which is now available for download. More from TechRadar Pro Remote Access vs Remote Desktop: What's the difference? Here's a list of the best firewalls around today These are the best remote desktop tools on offer for your business



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/connectwise-software-found-to-have-seve re-security-vulnerabilities-so-be-on-your-guard


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)