Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

What is Mistral AI? Everything you need to know about the OpenAI competitor

Podcasting platform Riverside is getting into the newsletter game

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    What is Mistral AI? Everything you need to know about the OpenAI competitor

    4 July 2026

    Anthropic is discussing a new custom chip with Samsung

    3 July 2026

    Jersey Mike’s IPO shows just how bad the AI ​​hype has gotten

    3 July 2026

    OpenAI proposed donating 5% of its equity to a US sovereign wealth fund

    2 July 2026

    SpaceX has a prototype AI device, and it sure sounds like a phone

    2 July 2026
  • Apps

    Podcasting platform Riverside is getting into the newsletter game

    4 July 2026

    Threads adds new features to Live Chats as it expands access

    4 July 2026

    Travel app Hopper to pay $35 million in FTC settlement over ‘unfair’ hidden fees

    3 July 2026

    Meta quietly launches vibe-encoded Pocket gaming app

    3 July 2026

    Popular TV-watching app TV Time is shutting down as the company focuses on artificial intelligence

    2 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026

    Anthropic’s latest spat with the Trump administration may actually help it, sales figures suggest

    17 June 2026
  • Hardware

    IQM, Europe’s first public quantum company, admits that the future of the technology is uncertain

    3 July 2026

    Thiel Capital’s Jack Selby commits stakes in hot startups like Etched through Arizona connections

    3 July 2026

    Ashton Kutcher is leaving Sound Ventures to start a new VC firm with Morgan Beller

    2 July 2026

    Flipper’s new Busy Bar is a customizable display for productivity

    30 June 2026

    South Korea’s tech giants pledge over $550 billion to ease ‘RAMageddon’

    30 June 2026
  • Media & Entertainment

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026

    Cloudflare’s new policy pushes AI companies to pay for publishers’ content

    1 July 2026

    Watch out, Amazon: The Kobo eReader now has a Goodreads rival

    29 June 2026

    YouTube Shorts just got even shorter with an update that lets you double the playback speed

    25 June 2026

    Deezer says its new feature allows fans to remix songs with the artist’s consent

    24 June 2026
  • Security

    Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

    3 July 2026

    The US government says it’s been hacked — again

    2 July 2026

    In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

    29 June 2026

    The Klue hack results in a data breach at several cybersecurity companies

    26 June 2026

    Cellebrite said it cut off Russia, but Russia used its tools anyway

    26 June 2026
  • Startups

    Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

    4 July 2026

    The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

    3 July 2026

    Last chance to apply — Startup Battlefield Australia applications close on 6 July

    3 July 2026

    Arcturus could halve grid electrical losses using nano-infused metals

    2 July 2026

    Indian tech tycoon bets $30 million of his own money to build AI alternative to Microsoft Office

    2 July 2026
  • Transportation

    Chevy built an all-American EV truck — why isn’t anyone buying it?

    3 July 2026

    Rivian raises EV sales forecast as second-quarter production ramps up

    3 July 2026

    Lucid Motors CFO steps down as new CEO continues leadership shakeup

    2 July 2026

    Tesla begins testing Cybercab without pedals or steering wheel in Austin

    2 July 2026

    Lime is starting life as a public company after years of uncertainty

    1 July 2026
  • Venture

    After $18B IPO, Bending Spoons Founder Says Success Comes From Minimizing Luck

    2 July 2026

    Bending Spoons defies SaaS slump, up 40% on first day of trading

    2 July 2026

    The DeepMind trio that created a poker AI is now making money for quantitative hedge funds

    1 July 2026

    Patronus AI lands $50 million to create ‘digital worlds’ that stress-test AI agents

    26 June 2026

    How to invest when everything is moving too fast

    24 June 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Researchers warn high-risk ConnectWise flaw under attack ’embarrassingly easy’ to exploit
Security

Researchers warn high-risk ConnectWise flaw under attack ’embarrassingly easy’ to exploit

techtost.comBy techtost.com24 February 202404 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Researchers Warn High Risk Connectwise Flaw Under Attack 'embarrassingly Easy' To
Share
Facebook Twitter LinkedIn Pinterest Email

“I can’t sugar coat it – this shit is bad,” said the Huntress CEO

The security experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and annoyingly easy” to exploit, as the software’s developer confirms that malicious hackers are actively exploiting the flaw.

The maximum severity vulnerability affects ConnectWise ScreenConnect (formerly ConnectWise Control), a popular remote access software that allows managed IT providers and technicians to provide real-time remote technical support to customer systems.

The flaw is described as an authentication bypass vulnerability that could allow an attacker to remotely intercept confidential data from vulnerable servers or deploy malicious code such as malware. The vulnerability was first reported to ConnectWise on February 13 and the company publicly disclosed details of the bug in a security advisory published on February 19.

ConnectWise initially said there was no indication of a public exploit, but noted in an update Tuesday that ConnectWise confirmed it “received updates on compromised accounts that our incident response team was able to investigate and confirm.”

The company also shared three IP addresses it says were “recently used by threat actors.”

When asked by TechCrunch, ConnectWise spokeswoman Amanda Lee declined to say how many customers are affected, but noted that ConnectWise has seen “limited reports” of suspected intrusions. Lee added that 80% of customer environments are cloud-based and automatically patched within 48 hours.

When asked if ConnectWise is aware of any data breaches or has the means to detect if data has been accessed, Lee said “no data breaches have been reported to us.”

Florida-based ConnectWise provides its remote access technology to more than a million small and medium-sized businesses, its website says.

Cybersecurity firm Huntress on Wednesday published analysis of the ConnectWise vulnerability that has been actively exploited. Huntress security researcher John Hammond told TechCrunch that Huntress is aware of “current and active” exploitation and is seeing early signs that threat actors are moving to “more focused post-exploitation and persistence mechanisms.”

“We see adversaries already deploying Cobalt Strike Beacons and even installing a ScreenConnect client on the affected server itself,” Hammond said, referring to the popular Cobalt Strike exploit framework, which is used by both security researchers for testing and malicious hackers. networks. “We can expect more of these compromises in the very near future.”

Huntress CEO Kyle Hanslovan added that Huntress customer telemetry shows visibility into more than 1,600 vulnerable servers.

“I can’t sugar coat it – this shit is bad. We’re talking over ten thousand servers controlling hundreds of thousands of endpoints,” Hanslovan told TechCrunch, noting that more than 8,800 ConnectWise servers remain vulnerable to the exploit.

Hanslovan added that due to “the sheer prevalence of this software and the access afforded by these vulnerabilities, we are on the cusp of a ransomware free-for-all.”

ConnectWise has released a patch for the actively exploited vulnerability and urges ScreenConnect users to apply the patch immediately. ConnectWise also released a patch for a separate vulnerability affecting its remote desktop software. Lee told TechCrunch that the company has seen no evidence that this flaw has been exploited.

Earlier this year, US government agencies CISA and the National Security Agency warned that they observed a “broad cyber campaign involving the malicious use of legitimate remote monitoring and management (RMM) software” — including ConnectWise SecureConnect — to target multiple federal civilian executive departments agencies.

US agencies also noticed hackers abusing remote access software from AnyDesk, which earlier this month was forced to reset passwords and revoke certificates after finding evidence of compromised production systems.

In response to questions from TechCrunch, Eric Goldstein, CISA’s executive assistant director of cybersecurity, said: “CISA is aware of a reported vulnerability affecting ConnectWise ScreenConnect, and we are working to understand a potential exploit in order to provide the necessary guidance and assistance ».


Are you affected by the ConnectWise vulnerability? Carly Page can be reached securely on Signal on +441536 853968 or by email at carly.page@techcrunch.com. You can also contact TechCrunch via SecureDrop.

attack binders ConnectWise cyber security easy embarrassingly exploit flaw Hacking highrisk researchers vulnerability Warn
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleByju founder ousted by shareholders says sacking rumors ‘highly exaggerated’
Next Article Reddit Downplays Risks of Developer Backlash, Decentralized Social Media in IPO Filing
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Politician who investigated abuses of wiretapping software on his phone with Pegasus spyware

3 July 2026

The US government says it’s been hacked — again

2 July 2026

In major privacy victory, Supreme Court rules that geo-trafficking warrants are protected by privacy rights

29 June 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

4 July 2026

What is Mistral AI? Everything you need to know about the OpenAI competitor

4 July 2026

Podcasting platform Riverside is getting into the newsletter game

4 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026

4 days left to save up to $190 on Founder Summit 2026

23 June 2026
Startups

Your Brand Deserves Its Own Stage — TechCrunch Disrupt 2026 Side Events

The browser wars aren’t about search anymore — here are the best alternatives to Chrome and Safari

Last chance to apply — Startup Battlefield Australia applications close on 6 July

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.