Critical ConnectWise RMM Bug Poised for Exploitation Avalanche

Two days after disclosure, most instances of the remote desktop tool remain unpatched, while cyberattackers have started in-the-wild exploitation — and researchers warn it could get ugly, fast.

Follow Dark Reading:

February 22, 2024

LATEST SECURITY NEWS & COMMENTARY Critical ConnectWise RMM Bug Poised for Exploitation Avalanche Two days after disclosure, most instances of the remote desktop tool remain unpatched, while cyberattackers have started in-the-wild exploitation — and researchers warn it could get ugly, fast. El Al Flight Crew Suffers Midflight Communication Disruption Though the incident took place over a known Houthi area, some say this incident was at the hands of a Somali group, based on frequent communication disruptions in the country. 'Lucifer' Botnet Turns Up the Heat on Apache Hadoop Servers More than 3,000 unique attacks hitting Hadoop and Druid honeypots in just the past month indicate an attacker testing phase, portending fire and brimstone to come. 'VoltSchemer' Hack Allows Wireless Charger Takeovers Researchers tested their theory on nine chargers, each different and available to consumers, and found them all vulnerable to their attacks. How CISOs Balance Business Growth, Security in Cyber-Threat Landscape Collaboration, care, and proactive planning need to be part of CISO toolboxes as worsening threat environments become the new normal. CISOs need to adjust processes so business innovation can continue. Critical Vulnerability in VMware vSphere Plug-in Allows Session Hijacking Admins are urged to remove vSphere's vulnerable Enhanced Authentication Plug-in, which was discontinued nearly three years ago but is still widely in use. DoT, White House Tackle the Chinese Threat to US Port Security New investments and Coast Guard authority aim to curb the alleged threat that Chinese vendors pose to American maritime security. (Sponsored Article) Cyber-Risk Is Getting Personal Cyber-risk is no longer just business risk; it's also personal risk. Learn how to protect yourself and your organization from threats. MORE NEWS / MORE COMMENTARY HOT TOPICS Global Law Enforcement Disrupts LockBit Ransomware Gang Operation Cronos, a collab between authorities in the US, Canada, UK, Europe, Japan, and Australia — seizes data and website associated with the prolific cybercriminal organization and its affiliates. Cyber Insurance Needs to Evolve to Ensure Greater Benefit A catastrophic cyber event hasn't yet come to pass, but vast amounts of personal data have been compromised. We need to be prepared for worst-case scenarios. Meta Disrupts 8 Spyware Firms, 3 Fake News Networks While furiously trying to put out one fire — fake news — the social media giant is dealing with another growing threat: spies for hire. MORE PRODUCTS & RELEASES Vade Releases 2023 Phishers' Favorites Report Strata Identity Reins in Global Access and Compliance Challenges With Cross-Border Orchestration Recipes Quorum Cyber Joins Elite Microsoft FastTrack-Ready Partner Group LightEdge Releases Next-Gen Suite of Cloud Security & Managed Services Demand for 'Secure by Design' Product Growing, Creating Opportunity for Software Security Specialization MORE PRODUCTS & RELEASES EDITORS' CHOICE 'KeyTrap' DNS Bug Threatens Widespread Internet Outages Thanks to a 24-year-old security vulnerability tracked as CVE-2023-50387, attackers could stall DNS servers with just a single malicious packet, effectively taking out wide swaths of the Internet. LATEST FROM THE EDGE Library Cyber Defenses Are Falling Down Librarians are being asked to defend themselves online against sophisticated and complex attacks. It's an unequal fight. LATEST FROM DR TECHNOLOGY What Using Security to Regulate AI Chips Could Look Like An exploratory research proposal is recommending regulation of AI chips and stronger governance measures to keep up with the rapid technical innovations in artificial intelligence. LATEST FROM DR GLOBAL Iranian APTs Dress Up as Hacktivists for Disruption, Influence Ops Iran has taken a page from the Russian playbook: Passing off military groups as civilians for the sake of PR and plausible deniability. WEBINARS Securing the Software Development Life Cycle from Start to Finish Your Everywhere Security Guide: 4 Steps to Stop Cyberattacks View More Dark Reading Webinars >> WHITE PAPERS Understanding Today's Threat Actors Incident Response Planning Guide Endpoint Best Practices to Block Ransomware FortiSASE Customer Success Stories - The Benefits of Single Vendor SASE 2023 Gartner Magic Quadrant for Single-Vendor SASE 2023 Snyk AI-Generated Code Security Report Understanding AI Models to Future-Proof Your AppSec Program View More White Papers >> FEATURED REPORTS Industrial Networks in the Age of Digitalization Zero-Trust Adoption Driven by Data Protection The State of Supply Chain Threats View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | Informa Tech | Privacy Statement | Terms & Conditions | Contact Us