ConnectWise Urges Customers to Patch Critical ScreenConnect Flaws Being Exploited to Deliver Malware
- ConnectWise ScreenConnect has critical authentication bypass and path traversal vulnerabilities being actively exploited to deliver malware. Customers urged to update to version 23.9.8.
- Multiple attackers pushing ransomware payloads, infostealers, and remote access tools through vulnerable ScreenConnect servers and clients.
- Detailed analysis of attack techniques and payloads, including LockBit ransomware variants, Cobalt Strike, AsyncRAT, password stealers, and more.
- Recommendations for identification, isolation, analysis, and incident response around affected ScreenConnect installations.
- New XDR queries released to help security teams hunt for signs of ScreenConnect server exploitation and post-compromise activity.