11 matches found
Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
North Korean threat actors have exploited the recently disclosed security flaws in ConnectWise ScreenConnect to deploy a new malware called TODDLERSHARK. According to a report shared by Kroll with The Hacker News, TODDLERSHARK overlaps with known Kimsuky malware such as BabyShark and ReconShark...
Attacks, Vulnerabilities and Actors 19 to 25 February 2024
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries in the realm of cybersecurity threats. In the past week alone, a total of fifteen attacks were executed, five vulnerabilities were uncovered, and five active adversaries...
Threat Actor Groups, Including Black Basta, are Exploiting Recent ScreenConnect Vulnerabilities
This blog entry gives a detailed analysis of these recent ScreenConnect vulnerabilities. We also discuss our discovery of threat actor groups, including Black Basta and Bl00dy Ransomware gangs, that are actively exploiting CVE-2024-1708 and CVE-2024-1709 based on our telemetry...
ConnectWise ScreenConnect Unauthenticated Remote Code Execution
This module exploits an authentication bypass vulnerability that allows an unauthenticated attacker to create a new administrator user account on a vulnerable ConnectWise ScreenConnect server. The attacker can leverage this to achieve RCE by uploading a malicious extension module. All versions of...
ConnectWise ScreenConnect Service < 23.9.8 Multiple Vulnerabilities
According to its version, the ConnectWise ScreenConnect Service remote access software installed on the remote Windows host is prior to 23.9.8. It is, therefore affected by multiple vulnerabilities: - A path-traversal vulnerability which may allow an attacker the ability to execute remote code or...
CVE-2024-1708
creationtimestamp| type| source ---|---|--- 2024-02-21 17:22:10+00:00| seen| https://t.me/ctinow/189797 2024-02-21 17:31:30+00:00| seen| https://t.me/ctinow/189811 2024-02-22 10:40:05+00:00| exploited| https://t.me/truesecator/5446 2024-02-22 10:40:07+00:00| seen|...
CVE-2024-1708
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems...
CVE-2024-1708 Improper limitation of a pathname to a restricted directory (“path traversal”)
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems...
CVE-2024-1708 Improper limitation of a pathname to a restricted directory (“path traversal”)
ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems...
CVE-2024-1708
CVE-2024-1708/1709 affect ConnectWise ScreenConnect (Server 23.9.7 and earlier). A path-traversal flaw (CVE-2024-1708) may allow remote code execution; an authentication-bypass flaw (CVE-2024-1709) enables access without credentials, potentially leading to RCE. Public exploit tooling exists (e.g....
Exploit for Path Traversal in Connectwise Screenconnect
CVE-2024-1708 and CVE-2024-1709 A Proof of Concept developed...