Close Menu
TechTost
  • AI
  • Apps
  • Crypto
  • Fintech
  • Hardware
  • Media & Entertainment
  • Security
  • Startups
  • Transportation
  • Venture
  • Recommended Essentials
What's Hot

Uber’s product manager on hotels, robotaxi and why the company doesn’t want to be “everything to everyone”

Hermes agent maker Nous Research is in talks for fresh funding at a $1.5 billion valuation

Already rich, already successful, because the latest wave of tech winners is grinding again

Facebook X (Twitter) Instagram
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer
Facebook X (Twitter) Instagram
TechTost
Subscribe Now
  • AI

    Already rich, already successful, because the latest wave of tech winners is grinding again

    14 July 2026

    Should artificial intelligence help you get away with murdering your husband?

    13 July 2026

    Meta enters the crowded AI coding fray with Muse Spark 1.1

    13 July 2026

    Can AI answer the $3 trillion question?

    12 July 2026

    OpenAI shuts down Atlas, but AI browser ambitions keep growing

    12 July 2026
  • Apps

    Waze adds new AI-powered features and customization updates

    14 July 2026

    As TV-watching app TV Time shuts down, its founder creates Bingers, a new home for fans

    13 July 2026

    Elon Musk says X will send DMs when posts you’ve interacted with are fixed

    13 July 2026

    ‘Slow-cial’ Roost app forces you to slow down to the speed of a carrier pigeon

    12 July 2026

    Character.AI is entering the micro-drama arena with its own productions, but there’s a twist

    12 July 2026
  • Crypto

    Venice AI goes unicorn with $65M Series A as first privacy AI platform takes off

    1 July 2026

    Crypto Exchange OKX wants AI agents to hire and pay each other

    30 June 2026

    Startup Battlefield 200 applications close today

    27 May 2026

    5 days left: Save up to $410 on Disrupt 2026 passes

    25 May 2026

    As crypto cools, a16z crypto raises $2.2 billion in capital

    6 May 2026
  • Fintech

    Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

    10 July 2026

    India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

    28 June 2026

    Early Bird pricing ends tonight for the Founder Summit

    26 June 2026

    4 days left to save up to $190 on Founder Summit 2026

    23 June 2026

    Robinhood’s note on 10% layoffs shows that blaming AI doesn’t cut it

    17 June 2026
  • Hardware

    Meta’s new AI chips will begin production in September

    12 July 2026

    This slush machine was a lifesaver during the New York heat wave

    12 July 2026

    Dumb Co dared me to exchange my iPhone for a hacked phone

    11 July 2026

    SK Hynix raises $26.5 billion in largest foreign public IPO in US history, set to build new fabs in US

    11 July 2026

    After Apple, smartphone manufacturing boom in India enters new phase with Vivo JV

    10 July 2026
  • Media & Entertainment

    12 states sue to block $110 billion Paramount deal from Warner Bros

    14 July 2026

    Netflix could be planning “always on” live TV channels.

    11 July 2026

    Netflix is ​​dealing with shorter video content with its new set of publisher deals with Variety and others

    8 July 2026

    Netflix invented binge watching. Now he may be over it.

    7 July 2026

    New Google ad imagines a Declaration of Independence written with the help of artificial intelligence

    4 July 2026
  • Security

    Apple says ex-employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI

    13 July 2026

    US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

    11 July 2026

    Florida ransomware dealer convicted of helping ransomware gang extort US companies

    10 July 2026

    Hacktivists call out Trump by hacking and defacing US military websites

    8 July 2026

    Canada’s spy agency says it hacked drug traffickers, extremists and a ransomware gang last year

    6 July 2026
  • Startups

    AI chip maker SambaNova raises $1 billion at $11 billion valuation, 5 months after last mega round

    12 July 2026

    Hot French startup ZML releases free product to speed up inference on multiple AI chips

    12 July 2026

    Former OpenAI executive Kevin Weil is now on Stoke Space’s board

    11 July 2026

    Phia Accused of ‘Cookie Stuffing’, Taking Affiliate Credit for Unearned Purchases

    11 July 2026

    Oratomic raises $300M to build sustainable quantum computer that only needs 20,000 qubits

    10 July 2026
  • Transportation

    Uber’s product manager on hotels, robotaxi and why the company doesn’t want to be “everything to everyone”

    14 July 2026

    SpaceX decided to fly Starship again after the booster failed in May

    13 July 2026

    TechCrunch Mobility: A robotaxi ultimatum

    12 July 2026

    Slate Auto partners with Crayola to paint its EV truck

    10 July 2026

    Autonomous drone delivery startup Manna plans major US expansion

    9 July 2026
  • Venture

    Hermes agent maker Nous Research is in talks for fresh funding at a $1.5 billion valuation

    14 July 2026

    Filed Under: College Fizz App Accuses VC Of Sharing Confidential Startup Info With Rival Sidechat

    11 July 2026

    Charles Hudson shares the common mistakes he’s seen after investing in 500+ startups

    10 July 2026

    Nandan Nilekani steps down as GP at Fundamentum as it launches third $200m fund

    9 July 2026

    What are bending spoons? The little-known owner of AOL and Vimeo who is now public

    5 July 2026
  • Recommended Essentials
TechTost
You are at:Home»Security»Researchers say exploitable security flaws in ConnectWise remote access software are now under massive attack
Security

Researchers say exploitable security flaws in ConnectWise remote access software are now under massive attack

techtost.comBy techtost.com26 February 202403 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Email
Researchers Say Exploitable Security Flaws In Connectwise Remote Access Software
Share
Facebook Twitter LinkedIn Pinterest Email

Security researchers say a pair of easily exploitable flaws in a popular remote access tool used by more than a million companies worldwide are now being widely exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data.

Cybersecurity giant Mandiant she said in a post on Friday that it has “discovered mass exploitation” of the two flaws in ConnectWise ScreenConnect, a popular remote access tool that allows IT and technicians to remotely provide technical support directly to customer systems over the Internet.

The two vulnerabilities include CVE-2024-1709, an authentication bypass vulnerability that researchers deemed “embarrassingly easy” for attackers to exploit, and CVE-2024-1708, a path traversal vulnerability that allows hackers to remotely code, such as malware. , on vulnerable ConnectWise client instances.

ConnectWise first disclosed the flaws on February 19 and urged on-premises customers to install security patches immediately. However, thousands of servers remain vulnerable, according to data from the Shadowserver Foundationand each of these servers can manage up to 150,000 client devices.

Mandiant said it had identified “various threat actors” exploiting the two flaws and warned that “many of them will deploy ransomware and perform multifaceted extortion,” but did not attribute the attacks to specific threat groups.

Finnish cybersecurity company WithSecure said a blog post On Monday its researchers also observed “massive exploitation” of ScreenConnect’s flaws by multiple threat actors. WithSecure said these hackers are exploiting the vulnerabilities to develop password stealers, backdoors and in some cases ransomware.

WithSecure also said it observed hackers exploiting the flaws to deploy a Windows variant of the KrustyLoader backdoor on unpatched ScreenConnect systems, the same kind of backdoor planted by hackers exploiting recent vulnerabilities in Ivanti’s enterprise VPN software. WithSecure said it could not yet attribute the activity to a specific threat group, although others have linked the past activity to a Chinese-backed hacking group focused on espionage.

Security researchers at Sophos and Huntress both said last week that they had spotted the LockBit ransomware gang launching attacks exploiting ConnectWise vulnerabilities – just days after an international law enforcement operation claimed to have disrupted the notorious gang’s operations cybercrime linked to Russia.

Hunter he said in his analysis that it has since observed a “number of adversaries” using exploits to deploy ransomware and a “significant number” of adversaries using exploits developing cryptocurrency mining software, has installed additional “legitimate” remote access tools to maintain stable access to the victim’s network, and creating new users on compromised machines.

It’s not yet known how many customers or end users of ConnectWise ScreenConnect are affected by these vulnerabilities, and ConnectWise representatives did not respond to TechCrunch’s questions. The company’s website claims that the organization provides remote access technology to more than one million small and medium-sized businesses that manage more than 13 million devices.

On Sunday, ConnectWise canceled a previously scheduled interview between TechCrunch and CISO Patrick Beggs that had been scheduled for Monday. ConnectWise did not give a reason for the last-minute cancellation.


Are you affected by the ConnectWise vulnerability? Carly Page can be reached securely on Signal at +441536 853968 or via email at carly.page@techcrunch.com. You can also contact TechCrunch via SecureDrop.

access attack binders ConnectWise cyber security exploitable flaws Hacking massive ransomware remote researchers security software
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleFlowGPT is the wild west of GenAI applications
Next Article BLKFAM powered by Whoopi Goldberg kicks off with 1,000+ hours of kids programming
bhanuprakash.cg
techtost.com
  • Website

Related Posts

Apple says ex-employee exploited ‘rare’ bug to download confidential files after leaving for OpenAI

13 July 2026

US cybersecurity agency CISA had to create the incident guide during the incident, the agency reveals

11 July 2026

Florida ransomware dealer convicted of helping ransomware gang extort US companies

10 July 2026
Add A Comment

Leave A Reply Cancel Reply

Don't Miss

Uber’s product manager on hotels, robotaxi and why the company doesn’t want to be “everything to everyone”

14 July 2026

Hermes agent maker Nous Research is in talks for fresh funding at a $1.5 billion valuation

14 July 2026

Already rich, already successful, because the latest wave of tech winners is grinding again

14 July 2026
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Fintech

Don’t want to invest in Elon Musk? Two new ETFs expressly exclude him

10 July 2026

India’s payments chief believes artificial intelligence will play a big part in the next era of digital payments development

28 June 2026

Early Bird pricing ends tonight for the Founder Summit

26 June 2026
Startups

AI chip maker SambaNova raises $1 billion at $11 billion valuation, 5 months after last mega round

Hot French startup ZML releases free product to speed up inference on multiple AI chips

Former OpenAI executive Kevin Weil is now on Stoke Space’s board

© 2026 TechTost. All Rights Reserved
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms and Conditions
  • Disclaimer

Type above and press Enter to search. Press Esc to cancel.