Security researchers say a pair of easy-to-exploit flaws in a popular remote access tool used by more than a million companies around the world are now being mass-exploited, with hackers abusing the vulnerabilities to deploy ransomware and steal sensitive data.
ConnectWise first disclosed the flaws on February 19 and urged on-premise customers to install security patches immediately.
Finnish cybersecurity firm WithSecure said in a blog post Monday that its researchers have also observed “en-mass exploitation” of the ScreenConnect flaws from multiple threat actors.
It’s not yet known how many ConnectWise ScreenConnect customers or end users are affected by these vulnerabilities, and ConnectWise spokespeople did not respond to TechCrunch’s questions.
The company’s website claims that the organization provides its remote access technology to more than a million small to medium-sized businesses that manage over 13 million devices.
LoanDepot says about 17 million customers had personal data and Social Security numbers stolen during cyberattack
Almost 17 million LoanDepot customers had sensitive personal information, including Social Security numbers, stolen in a January ransomware attack, the company has confirmed.
The loan and mortgage giant said in a data breach notice filed with Maine’s attorney general’s office that the stolen LoanDepot customer data includes names, dates of birth, email and postal addresses, financial account numbers, and phone numbers.
The stolen data also includes Social Security numbers, which LoanDepot collected from customers.
The number of affected LoanDepot customers rose from the 16.6 million initially disclosed to federal regulators last month; that disclosure did not say what specific customer data had been stolen.
Mortgage and loan giant Mr. Cooper said hackers stole the personal information of more than 14 million customers during an October cyberattack, costing the company at least $25 million in additional costs.
Security experts are warning that a pair of high-risk flaws in a popular remote access tool are being exploited by hackers to deploy LockBit ransomware — days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang.
In a post on Mastodon on Thursday, Sophos said that it had observed “several LockBit attacks” following exploitation of the ConnectWise vulnerabilities.
“Two things of interest here: first, as noted by others, the ScreenConnect vulnerabilities are being actively exploited in the wild.
Rogers said that Huntress has seen LockBit ransomware deployed on customer systems spanning a range of industries, but declined to name the customers affected.
The company’s website claims that the organization provides its remote access technology to more than a million small to medium-sized businesses.
Researchers warn high-risk ConnectWise flaw under attack is ‘embarrassingly easy’ to exploit
“I can’t sugarcoat it — this shit is bad,” said Huntress’ CEO
Security experts are warning that a high-risk vulnerability in a widely used remote access tool is “trivial and embarrassingly easy” to exploit, as the software’s developer confirms malicious hackers are actively exploiting the flaw.
The maximum severity-rated vulnerability affects ConnectWise ScreenConnect (formerly ConnectWise Control), a popular remote access software that allows managed IT providers and technicians to provide real-time remote technical support on customer systems.
Cybersecurity company Huntress on Wednesday published an analysis of the actively exploited ConnectWise vulnerability.
ConnectWise also released a fix for a separate vulnerability affecting its remote desktop software.
The U.S. agencies also observed hackers abusing remote access software from AnyDesk, which was earlier this month forced to reset passwords and revoke certificates after finding evidence of compromised production systems.
1Password, the AgileBits-owned password management software developer, today announced that it has acquired Kolide, an endpoint security platform, for an undisclosed amount.
According to 1Password CEO Jeff Shiner, Kolide founder and CEO Jason Meller and all of Kolide’s 30 employees will join 1Password “as an intact team.” Meller has taken on the role of VP of product at 1Password.
Kolide’s platform, which Meller co-launched in 2016 with Mike Arpaia and Zach Wasserman, offers security-related endpoint alerts, remediation and more delivered via Slack.
Kolide attempts to prevent unknown endpoint devices from accessing corporate apps.
Prior to the acquisition, Kolide managed to pull in $26.6 million in venture capital from OpenView, Matrix and other VCs and angels.
Mercedes-Benz accidentally exposed a trove of internal data after leaving a private key online that gave “unrestricted access” to the company’s source code, according to the security research firm that discovered it.
The London-based cybersecurity company said it discovered a Mercedes employee’s authentication token in a public GitHub repository during a routine internet scan in January.
According to Mittal, this token — an alternative to using a password for authenticating to GitHub — could grant anyone full access to Mercedes’s GitHub Enterprise Server, thus allowing the download of the company’s private source code repositories.
“The GitHub token gave ‘unrestricted’ and ‘unmonitored’ access to the entire source code hosted at the internal GitHub Enterprise Server,” Mittal explained in a report shared by TechCrunch.
It’s not known if anyone else besides Mittal discovered the exposed key, which was published in late-September 2023.
The U.K.’s Competition and Markets Authority (CMA) is launching a formal probe into the proposed merger between Vodafone and Three UK.
That is some 18 months from when they first revealed their plans back in June.
It’s not entirely clear how that might impact this latest merger attempt, but Smith reckons that deal is as good as dead, regardless of what any court might subsequently find.
“The previous Three/O2 merger is still technically going through the EU courts, but that deal is long since dead in reality,” Smith said.
“We strongly believe that the proposed merger of Vodafone and Three will significantly enhance competition by creating a combined business with more resources to invest in infrastructure to better compete with the two larger converged players,” Vodafone UK CEO Ahmed Essam said in a statement.
Prompt Security was founded by Itamar Golan (CEO) and Lior Drihem (CTO), who both previously worked at Check Point and Orca Security.
The company’s tools automatically detect patterns related to GenAI usage and then layer an enforcement policy on top of that.
Golan stressed that the company is trying to build an entire platform here by covering various aspects of an organization’s GenAI usage.
“We are trying to build a one-stop solution for GenAI security.
Over time, the company plans to launch more services that help its customers increase their GenAI security posture.
After failing to find any, he — along with Roboflow’s head of machine learning Jacob Salowetz and Benedict — developed a platform from the ground up to let organizations build and train GenAI models within a secure compute environment.
“Arcee revolutionizes AI for highly regulated industries such as legal, healthcare, insurance and financial services,” McQuade said.
Contextual AI, for example, offers tools to tailor GenAI models — specifically large language models (LLMs) along the lines of OpenAI’s ChatGPT — to business use cases.
First, Arcee’s platform is end-to-end, employing an “adaptive” system for training, deploying and monitoring GenAI models.
This booming AI market, particularly in industry-specific solutions, positions Arcee uniquely as a standout player.
X, formerly Twitter, today announced support for passkeys, a new and more secure login method than traditional passwords, which will become an option for U.S. users on iOS devices.
Today we’re excited to launch Passkeys as a login option for our US-based users on iOS!
For instance, this January, the U.S. Securities and Exchange’s X account was hacked to share an unauthorized post regarding Bitcoin ETF approval.
In the days since Musk’s takeover of Twitter/X, the company removed another security measure that helped keep accounts secure when it announced last year that it would no longer support SMS 2FA for non-paying accounts.
However, the reality was that removing the security protection made Twitter less secure, as a result.