ConnectWise Quietly Patches Flaw That Helps Phishers – Krebs on Security
data breach
malware
A popular remote desktop software application has issued a warning about a phishing attack that can let attackers take control over user systems when recipients click the included link. ConnectWise, a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack
Using a free ConnectWise trial account, Pyle showed the company how easy it was to create a client executable that is cryptographically signed by ConnectWise and can bypass those network restrictions by bouncing the connection through an attacker’s ConnectWise control server. When a support technician wants to use ConnectWise to remotely administer a computer, the ConnectWise website generates an executable file that is digitally signed by ConnectWise and downloadable by the client via a hyperlink. Meaning, an attacker could craft a ConnectWise client download link that would bounce or proxy the remote connection from the MSP’s servers to a server that the attacker controls.
Source read time: 4 min - krebsonsecurity.com
Also offered in: Nederlands