CVE-2024-1708

Ransomware payments drop to record low of 28% in Q1 2024 By Bill Toulas April 21, 2024 10:21 AM 0 Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show companies are increasingly refusing to pay extortion demands, leading to a record low of 28% of companies paying ransom in the first quarter of 2024. This figure was 29% in Q4 2023, and Coveware's stats show that diminishing payments have remained steady since early 2019. This decrease is due to o...

ScreenConnect flaws exploited to drop new ToddleShark malware By Bill Toulas March 4, 2024 05:14 PM 0 The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddleShark. Kimsuky (aka Thallium and Velvet Chollima) is a North Korean state-sponsored hacking group known for cyber espionage attacks on organizations and governments worldwide. The threat actors are exploiting authent...

ScreenConnect flaws exploited to drop new ToddlerShark malware By Bill Toulas March 4, 2024 05:14 PM 0 The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. Kimsuky (aka Thallium and Velvet Chollima) is a North Korean state-sponsored hacking group known for cyber espionage attacks on organizations and governments worldwide. The threat actors are exploiting authe...

Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks By Sergiu Gatlan February 27, 2024 01:53 PM 0 The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. This critical flaw (CVE-2024-1709) allows attackers to create admin accounts on Internet-exposed servers, delete all other users, and take over any vulnerable instance. CVE-2024-1709 has been under active expl...

ScreenConnect servers hacked in LockBit ransomware attacks By Sergiu Gatlan February 22, 2024 01:34 PM 0 Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. The maximum severity CVE-2024-1709 auth bypass flaw has been under active exploitation since Tuesday, one day after ConnectWise released security updates and several cybersecurity companies published proof-of-...

New ScreenConnect RCE flaw exploited in ransomware attacks By Sergiu Gatlan February 22, 2024 01:34 PM 0 Update February 23, 07:02 EST: Sophos published a report today saying that the ransomware payloads they spotted were built using the LockBit ransomware builder leaked online by a disgruntled malware developer in late September 2022. The samples seen by Sophos in this week's attacks were a buhtiRansom LockBit variant dropped on 30 different customer networks and a second payload...

ScreenConnect critical bug now under attack as exploit code emerges By Bill Toulas February 21, 2024 12:18 PM 0 Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software. A day after the vendor published the security issues, attackers started leveraging them in attacks. CISA has assigned CVE-2024-1708 and CVE-2024-1709 identifiers to the the two security issues, ...