"Ransomware Exploits Critical ConnectWise ScreenConnect Flaws"
Sophos X-Ops is tracking a wave of vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations, with attackers deploying malware to servers and workstations. ConnectWise has released a security advisory highlighting two critical vulnerabilities, urging immediate patching to version 23.9.8. Cloud-hosted implementations have received updates, but self-hosted instances remain at risk until manually upgraded. Sophos observed active exploitation in the wild, including attacks involving LockBit ransomware and other malware. Recommendations include confirming deployment type, scanning for unpatched instances, and implementing security measures. Sophos also provides detection and protection rules, as well as incident response guidance for organizations to mitigate risks and investigate potential incidents.
