ConnectWise, a prominent technology company based in Tampa, Florida, recently disclosed vulnerabilities in its ScreenConnect tool, affecting cloud and on-premises instances. The company took swift action, notifying partners through its Trust Center and providing instructions for immediate updates to on-premises servers. While ConnectWise has successfully patched all cloud environments, attention has shifted to addressing vulnerabilities in on-premises installations.
Patch Deployment and Impact:
ConnectWise swiftly patched all cloud environments and instructed on-premises partners to update their servers immediately. Patrick Beggs, CISO for ConnectWise, stressed the importance of maintaining good cyber hygiene to prevent exploitation.
Mitigation Efforts:
Ciaran Chu, general manager of ConnectWise ScreenConnect, reported that approximately 80% of ScreenConnect users were mitigated last week. ConnectWise has been actively communicating with partners to ensure all systems are secure.
Exploitation and Response:
Mandiant discovered several vulnerabilities being exploited by threat actors deploying ransomware and other malicious activities. Huntress detected and eliminated active adversaries who were exploiting ScreenConnect access.
ConnectWise and Change Healthcare Incident:
While one incident involving Change Healthcare was reported, ConnectWise has not confirmed a direct connection to the ScreenConnect vulnerability. ConnectWise continues to investigate and collaborate with relevant parties.
Read more about the Change Healthcare Incident here.
CISA Involvement and Recommendations:
CISA has added the vulnerabilities to its Known Exploited Vulnerabilities Catalog and issued a notice urging partners to update their systems promptly. ConnectWise has provided guidance and support to partners, including making older versions available for critical vulnerability fixes.
Conclusion:
The recent emphasis on vulnerabilities underscores the critical need for all organizations to prioritize system security. In light of these serious vulnerabilities, immediate action is imperative to secure systems and protect against potential exploits. Collaboration among partners and stakeholders is essential in implementing proactive measures to mitigate risks effectively.
Learn more about the vulnerability here.
Protect Your Existing Security Stack
PC Matic‘s zero-trust allowlisting solution prevents hacking and cyber-attacks. Block all malware, ransomware, and malicious scripts from executing. Protect your business data, users, and network with our allowlist cybersecurity solution.
PC Matic delivers complete home and business cybersecurity protection against ransomware, malware, identity theft, online tracking, data breaches, and more. For over 20 years, PC Matic’s award-winning cyber protection has saved millions of satisfied customers from becoming the next cybercrime victim and is exclusively made in the USA.
Learn more about PC Matic today!
pcmatic.com
sales@pcmatic.com