#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
AI Security

ConnectWise | Breaking Cybersecurity News | The Hacker News

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Apr 24, 2024 Malware / Endpoint Security
Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver a malware called SSLoad . The campaign, codenamed  FROZEN#SHADOW  by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software. "SSLoad is designed to stealthily infiltrate systems, gather sensitive information and transmit its findings back to its operators," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said in a report shared with The Hacker News. "Once inside the system, SSLoad deploys multiple backdoors and payloads to maintain persistence and avoid detection." Attack chains involve the use of phishing messages to randomly target organizations in Asia, Europe, and the Americas, with emails containing links that lead to the retrieval of a JavaScript file that kicks off the infection flow. Earlier this month, Palo Alto Networks uncovered at least two different method
Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

Feb 20, 2024 Vulnerability / Network Security
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - Improper limitation of a pathname to a restricted directory aka "path traversal" CVE-2024-1709 (CVSS score: 10.0) - Authentication bypass using an alternate path or channel The company deemed the severity of the issues as critical, citing they "could allow the ability to execute remote code or directly impact confidential data or critical systems." Both the vulnerabilities impact ScreenConnect versions 23.9.7 and prior, with fixes available in version 23.9.8. The flaws were reported to the company on February 13, 2024. While there is no evidence that the shortcomings have been exploited in the wild, users who are running self-hosted or on-premise versions are recommended
10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit

Jul 15, 2024Cyber Crime / Data Protection
Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn't it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that's basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we slowly learning its full destructive potential. In this article, we will describe how the entire cybercriminal ecosystem operates, the ways various threat actors exploit data originating from it, and most importantly, what you can do about it. Let's start with what infostealer malware actually is. As the name suggests, it's malware that... steals data. Depending on the specific type, the information it extracts might differ slightly, but most will try to extract the following: Cryptocurrency wallets Bank account information and saved credit card details Saved passwords from various apps Bro
Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution

Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution

Nov 01, 2022
IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager (SBM). The issue,  characterized  as a "neutralization of Special Elements in Output Used by a Downstream Component," could be abused to result in the execution of remote code or disclosure of sensitive information. ConnectWise's advisory notes that the flaw affects Recover v2.9.7 and earlier, as well as R1Soft SBM v6.16.3 and earlier, are impacted by the critical flaw. At its core, the issue is tied to an upstream authentication bypass vulnerability in the ZK open source Ajax web application framework ( CVE-2022-36537 ), which was initially patched in May 2022. "Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover (v2.9.9)," the company  said , urging customers to upgrade to  SBM v6.16.4  shipped on October 28, 2022. Cybersecurity firm Huntress 
cyber security

Top 4 Security Risks of GenAI

websiteWizGenAI Security / Technology
Gain a competitive edge and unlock the top 4 major emerging risks within GenAI. This report from Gartner provides insights and recommended actions for security and product leaders.
Expert Insights
Cybersecurity Resources