InfoSecBulletin Cybersecurity for mankind
IT administrators should update any on-premises ScreenConnect servers due to reports of a critical vulnerability being exploited in the wild.
CVE-2024-1709 is an authentication bypass bug. It has a CVSS score of 10.0. This bug can be used to execute code and access sensitive data without needing the user to interact. It can be exploited with relatively simple attacks.
Google fixes Chrome Password Manager bug hiding credentials
India Confirms BSNL’s Data Breach, formed committee to investigate
Malware Attacks Increase 30% in First Half of 2024
New DNS Vulnerability “TuDoor” Threatens Internet Security
Acronis Urged Users to Patch Vulnerability
OpenAI to test search engine called SearchGPT
CISA Unveils advisories for Two Industrial Control Systems
Researchers unveil ConfusedFunction Vulnerability in Google Cloud Platform
BD CIRT published advisory on Web Application and Database Security
GitLab fixed six security flaws and recommends updating shortly
ConnectWise, the company behind the remote desktop software, discovered a path traversal vulnerability with a CVSS score of 8.4. This vulnerability is now known as CVE-2024-1708.
Cloud customers have already received the updates, but on-premises customers need to take action.
“Partners that are self-hosted or on-premises need to update their servers to version 23.9.8 immediately to apply a patch,” the vendor said. “We’ve received notifications of suspicious activity that our incident response team has investigated.”
Separately, according to a US intelligence source, the initial access brokers currently exploiting the CVSS 10.0 bug will eventually sell it to ransomware actors.
“The sheer prevalence of this software and the access afforded by this vulnerability signals we are on the cusp of a ransomware free-for-all. Hospitals, critical infrastructure, and state institutions are proven at risk,” he warned.
“With remote access software, the bad guys can push ransomware as easily as the good guys can push a patch. And once they start pushing their data encryptors, I’d be willing to bet 90% of preventative security software won’t catch it because it’s coming from a trusted source.”
Around 3800 ConnectWise ScreenConnect instances are still vulnerable to exploitation of both bugs, according to a tweet from The Shadowserver Foundation yesterday.
