Trending

Kenya Faces Tax Shake-Up: Impact on Digital Services & Startups

East Africa Internet Outage: Undersea Cable Breaks Disrupt Connectivity

Zimbabwe Politician’s Son Arrested for Illegally Possessing Starlink Terminal

Airtel Africa’s Mobile Money IPO: Expanding Horizons in 2025

Unveiling Africa’s Top Ten Tech Sectors: Transforming Industries and Empowering Communities

Building Investment-Worthy Startups: Strategies for Success

WhatsApp Introduces Chat Filters: Streamlining Message Management for Users

Unraveling Bitcoin’s Energy Appetite: Understanding Mining and Environmental Impact

Baobab Network Acquires Reflector Marketing: Boosting Support for African Startups

Google rolls out Gemini in Android Studio for coding assistance

DECEMBER 9, 2022
Security

Security experts caution that hackers are taking advantage of vulnerabilities in ConnectWise to deploy LockBit ransomware

  • by TechBoy
  • February 23, 2024
  • 2 minute read
Security experts caution that hackers are taking advantage of vulnerabilities in ConnectWise to deploy LockBit ransomware

Security experts are cautioning that hackers are taking advantage of vulnerabilities in ConnectWise to deploy LockBit ransomware, despite recent efforts by law enforcement to disrupt the notorious cybercrime gang. The flaws include an authentication bypass vulnerability (CVE-2024-1709) and a path traversal vulnerability (CVE-2024-1708). The authentication bypass vulnerability is described as “embarrassingly easy” to exploit, and both vulnerabilities impact ConnectWise ScreenConnect, a widely used remote access tool. The flaws allow attackers to remotely plant malicious code on affected systems.

Cybersecurity companies Huntress and Sophos have observed LockBit attacks following the exploitation of these vulnerabilities. Sophos noted on Mastodon that it had observed “several LockBit attacks” after the exploitation of the ConnectWise vulnerabilities. Despite a recent law enforcement operation claiming to take down LockBit’s infrastructure, some affiliates of the cybercrime gang appear to be still active.

ConnectWise released security updates promptly after the vulnerabilities were identified and urged organizations to patch their systems. However, the flaws are actively being exploited in the wild, putting users at risk. Both vulnerabilities can be exploited to compromise user privacy and security.

LockBit ransomware’s infrastructure was seized as part of “Operation Cronos,” a law enforcement initiative led by the U.K.’s National Crime Agency. The operation aimed to disrupt LockBit’s activities, resulting in the takedown of public-facing websites and servers. Despite this major action, cybersecurity companies continue to observe LockBit attacks in the wild.

ConnectWise has not disclosed the number of users impacted by these vulnerabilities, and it remains unclear how many businesses have been affected. The company claims to provide its remote access technology to over a million small to medium-sized businesses. The Shadowserver Foundation, a nonprofit analyzing malicious internet activity, reports that the ScreenConnect flaws are being widely exploited. It has identified hundreds of IP addresses actively exploiting the vulnerabilities, emphasizing the widespread nature of the threat.

TechBoy

Editor

Previous Article

FTC Prohibits Antivirus Giant Avast from Selling User Browsing Data to Advertisers.

February 23, 2024
Next Article

Partech concludes its second Africa-focused fund, raising over $300 million for investments spanning from seed to Series C

February 23, 2024

Related Post

InsightsSecurity

“To Pay or Not to Pay: Navigating the Ransomware Decision”

January 20, 2024
InsightsSecurity

“URGENT: M-Pesa Unregistered Users Face Deadline for Fund Withdrawal – Act Now!”

February 8, 2024
NewsSecurity

Check Point and Microsoft unveil collaboration on AI-driven security measures

March 27, 2024




whatApp channel


wingu store
wingu store