New Vulnerability in Connectwise ScreenConnect
By Karla Reffold
A new patch has been issued for CVE-2024-1709, a vulnerability present in Connectwise ScreenConnect, a remote access support tool that can be cloud or self-hosted. ConnectWise also suspended non-patched versions of the tool to avoid further exploitation. Companies are urged to upgrade to the latest version immediately.
CVE-2024-1709 does not require a high level of skill to exploit, which increases the risk that this will be used by a large number of threat actors. CVE 2024-1708, a vulnerability that requires higher-level permissions for the exploit to be successful, was also patched in this release.
The vulnerability was first reported on February 13th. At the time, there was no evidence of exploitation and no details were released. However, earlier this week, MSPs reported increased activity targeting ScreenConnect. Associated indicators of compromise have been released by ConnectWise. Reports have also emerged of Lockbit exploiting the vulnerability, despite their operations being seized by law enforcement. This emphasizes the fact that Lockbit affiliates may still be active.
In 2021, Kaseya’s RMM tool was compromised by the ransomware group, REvil. Despite a small number of Kaseya clients being compromised, the downstream effects were significant. The Kaseya attack has served as a warning to the MSP market and it is likely ConnectWise has this in mind as they take action on these vulnerabilities.
ConnectWise also took extra precaution and is allowing any users of ScreenConnect to upgrade to the latest version, even those without a maintenance contract. The decision to prioritize the security of their product above revenue is likely to pay dividends for their brand reputation.
Why is this important?
- ScreenConnect has a large market share and any successful attack could have a significant impact on the SME market.
- Around 4,000 instances of ScreenConnect are visible globally.
- The vulnerability is in the small percentage of new vulnerabilities under active exploit and should be taken seriously.
What should you do?
- Download the latest version of ScreenConnect or advise any clients running the tool to upgrade immediately.
Share News
New SIM Swapping Attacks
By Karla Reffold According to new research, eSIM cards are being hijacked for cyber attacks. eSIM cards are remotely programmable chips that are stored within ... Learn More
Google engineer stealing AI secrets
By Karla Reffold The U.S. Department Of Justice announced this week an indictment against an engineer who stole Google’s intellectual property (IP) while he worked ... Learn More
Enhancing Cybersecurity: Recent Vendor Advancements
By Karla Reffold In the past few weeks there has been a number of positive vendor updates focused on improving security for their users. Apple ... Learn More
