InfoSecBulletin Cybersecurity for mankind
IT administrators should update any on-premises ScreenConnect servers due to reports of a critical vulnerability being exploited in the wild.
CVE-2024-1709 is an authentication bypass bug. It has a CVSS score of 10.0. This bug can be used to execute code and access sensitive data without needing the user to interact. It can be exploited with relatively simple attacks.
Cisco released security updates for two critical security flaws
OpenBAS: Cutting-edge breach and attack simulation platform
Critical Security Flaws Patched in Zyxel Networking Devices
CVE-2024-38811: CEV In VMware Fusion Unveiled
CERT-IN Warns Vulnerabilities in Palo Alto Networks applications
How Malaysia’s Data Centre Industry Poised for Growth
RansomHub exfiltrated data over 210 victims: US alert
Godzilla Fileless Backdoor Exploits Atlassian Confluence flaw
New Cicada ransomware targets VMware ESXi servers
Monday hits two UK bank apps causes outages
ConnectWise, the company behind the remote desktop software, discovered a path traversal vulnerability with a CVSS score of 8.4. This vulnerability is now known as CVE-2024-1708.
Cloud customers have already received the updates, but on-premises customers need to take action.
“Partners that are self-hosted or on-premises need to update their servers to version 23.9.8 immediately to apply a patch,” the vendor said. “We’ve received notifications of suspicious activity that our incident response team has investigated.”
Separately, according to a US intelligence source, the initial access brokers currently exploiting the CVSS 10.0 bug will eventually sell it to ransomware actors.
“The sheer prevalence of this software and the access afforded by this vulnerability signals we are on the cusp of a ransomware free-for-all. Hospitals, critical infrastructure, and state institutions are proven at risk,” he warned.
“With remote access software, the bad guys can push ransomware as easily as the good guys can push a patch. And once they start pushing their data encryptors, I’d be willing to bet 90% of preventative security software won’t catch it because it’s coming from a trusted source.”
Around 3800 ConnectWise ScreenConnect instances are still vulnerable to exploitation of both bugs, according to a tweet from The Shadowserver Foundation yesterday.
