ConnectWise ScreenConnect Mass Exploitation Delivers Ransomware

Hundreds of initial access brokers and cybercrime gangs are jumping on the max-critical CVE-2024-1709 authentication bypass, threatening orgs and downstream customers. [TechWeb]( Follow Dark Reading: [RSS]( February 26, 2024 LATEST SECURITY NEWS & COMMENTARY [ConnectWise ScreenConnect Mass Exploitation Delivers Ransomware]( Hundreds of initial access brokers and cybercrime gangs are jumping on the max-critical CVE-2024-1709 authentication bypass, threatening orgs and downstream customers. [Lovers' Spat? North Korea Backdoors Russian Foreign Affairs Ministry]( First Brad and Jennifer, now Kim and Putin? Romance truly is dead, as North Korea is caught spying (again) on its partner to the north with the Konni malware. [Orgs Face Major SEC Penalties for Failing to Disclose Breaches]( In what could be an enforcement nightmare, potentially millions of dollars in fines, reputational damage, shareholder lawsuits, and other penalties await companies that fail to comply with the SEC's new data-breach disclosure rules. [Fostering Collaboration for Standardized Threat Investigation & Response]( Working together can bring much-needed trust to the industry and help safeguard people, organizations, and government — now and in the future. [Avast to Pay $16.5M Fine for Selling Consumer Browsing Data]( The FTC found that Avast collected reams of personal data through its antivirus product, then sold it to more than 100 third parties without disclosing its practices. [Alarm Over GenAI Risk Fuels Security Spending in Middle East & Africa]( Organizations boost cybersecurity budgets to tackle data-privacy and cloud-security threats amid speedy adoption of generative AI. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Pharmacy Delays Across US Blamed on Nation-State Hackers]( Healthcare tech provider Change Healthcare says a suspected nation-state threat actor breached its systems, causing pharmacy transaction delays nationwide. [Hubris May Have Contributed to Downfall of Ransomware Kingpin LockBit]( The most prolific ransomware group in recent years was on the decline at the time of its takedown, security researchers say. [4 Key Steps to Reevaluate Your Cybersecurity Priorities]( Amid a spike in attacks, now is a good time for brands to strengthen their cybersecurity strategy. [MORE]( PRODUCTS & RELEASES [Beyond Identity Introduces Device360 for Security Risk Visibility Across All Devices]( [Palo Alto Networks Launches Cortex Platform Offer]( [Somos, Inc. Protects Businesses' IoT Assets With the Availability of SomosID]( [JumpCloud's Q1 2024 SME IT Trends Report Reveals AI Optimism Tempered by Security Concerns]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [iSoon's Secret APT Status Exposes China's Foreign Hacking Machinations]( Chinese government agencies are paying an APT, masked as a legitimate company, to spy on foreign and domestic targets of political interest. LATEST FROM THE EDGE [Privacy Beats Ransomware as Top Insurance Concern]( Despite ransomware losses remaining high, privacy violations have quickly risen to second in a list of expected cyber insurance claims costs. LATEST FROM DR TECHNOLOGY [Apple Beefs Up iMessage With Quantum-Resistant Encryption]( The revamped iMessage app uses Apple's new PQ3 post-quantum cryptographic protocol, which its engineers say will make it the most secure messaging app — but Signal's president begs to differ. LATEST FROM DR GLOBAL [Malawi Immigration Dept. Halts Passport Services Amid Cyberattack]( President of Malawi vows not to pay ransom to "appease criminals." WEBINARS - [API Security: Protecting Your Application's Attack Surface]( - [Your Everywhere Security Guide: 4 Steps to Stop Cyberattacks]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [A Solution Guide to Operational Technology Cybersecurity]( - [Demystifying Zero Trust in OT]( - [Causes and Consequences of IT and OT Convergence]( - [Strengthen Microsoft Defender with MDR]( - [Stopping Active Adversaries: Lessons from the Cyber Frontline]( - [Mandiant Threat Intelligence at Penn State Health]( - [The Forrester Wave: External Threat Intelligence Service Providers, Q3 2023]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How to Deploy Zero Trust for Remote Workforce Security]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=121594&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_02.26.24&sp_cid=52169&utm_content=DR_NL_Dark%20Reading%20Daily_02.26.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#3e If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)