Ransomware Exploits Critical ConnectWise ScreenConnect Flaws

Sophos X-Ops is tracking a wave of vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations, with attackers deploying malware to servers and workstations. ConnectWise has released a security advisory highlighting two critical vulnerabilities, urging immediate patching to version 23.9.8. Cloud-hosted implementations have received updates, but self-hosted instances remain at risk until manually upgraded. Sophos observed active exploitation in the wild, including attacks involving LockBit ransomware and other malware. Recommendations include confirming deployment type, scanning for unpatched instances, and implementing security measures. Sophos also provides detection and protection rules, as well as incident response guidance for organizations to mitigate risks and investigate potential incidents.
- ConnectWise ScreenConnect attacks deliver malware (Sophos)
- Hackers are exploiting ConnectWise flaws to deploy LockBit ransomware, security experts warn (TechCrunch)
- New ScreenConnect RCE flaw exploited in ransomware attacks (BleepingComputer)
- Ransomware associated with LockBit still spreading 2 days after server takedown (Ars Technica)
- Critical ConnectWise ScreenConnect flaw exploited in the wild: Update (CSO Online)