ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
In addition to issuing new certificates, ConnectWise is releasing an update to improve how this configuration data is managed in ScreenConnect. This issue does not involve a compromise of their systems or certificates (including the event described in our May 28, 2025 Security Advisory). However, based on recent requirements from ConnectWise technology partners, they are required to rotate our certificates by Friday, June 13 at 8:00 p.m. ET. ConnectWise received this extended deadline Monday evening.
Read more…
Source: ConnectWise
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control
May 18, 2022
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions of VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud ...
- Vulnerability Spotlight: Multiple memory corruption vulnerabilities in NVIDIA GPU driver
May 17, 2022
Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card. NVIDIA graphics drivers are software for NVIDIA Graphics GPU cards that are installed on PCs. The D3D10 driver communicates between the operating system and the GPU. It’s ...
- CISA Adds Two Known Exploited Vulnerabilities to Catalog
May 16, 2022
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow on the ...
- Apache Releases Security Advisory for Tomcat
May 16, 2022
The Apache Software Foundation has released a security advisory to address a vulnerability in multiple versions of Tomcat. An attacker could exploit this vulnerability to obtain sensitive information. CISA encourages users and administrators to review Apache’s security advisory and apply the necessary updates. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Apple emergency update fixes zero-day used to hack Macs, Watches
May 16, 2022
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. Zero-days are security flaws that the software vendor is unaware of and hasn’t yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch arrives ...
- Microsoft closes Windows LSA hole under active attack
May 11, 2022
Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That’s seven critical bugs, 66 deemed important, and one ranked low severity. At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code. After April’s astonishing 100-plus ...