ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
In addition to issuing new certificates, ConnectWise is releasing an update to improve how this configuration data is managed in ScreenConnect. This issue does not involve a compromise of their systems or certificates (including the event described in our May 28, 2025 Security Advisory). However, based on recent requirements from ConnectWise technology partners, they are required to rotate our certificates by Friday, June 13 at 8:00 p.m. ET. ConnectWise received this extended deadline Monday evening.
Read more…
Source: ConnectWise
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Security researcher discloses Safari bug after Apple delays patch
August 25, 2020
A security researcher has published details today about a Safari browser bug that could be abused to leak or steal files from users’ devices. The bug was discovered by Pawel Wylecial, co-founder of Polish security firm REDTEAM.PL. Wylecial initially reported the bug to Apple earlier this spring, in April, but the researcher decided to go public with ...
- Lifting the veil on DeathStalker, a mercenary triumvirate
August 24, 2020
State-sponsored threat actors and sophisticated attacks are often in the spotlight. Indeed, their innovative techniques, advanced malware platforms and 0-day exploit chains capture our collective imagination. Yet these groups still aren’t likely to be a part of the risk model at most companies, nor should they be. Businesses today are faced with an array of much ...
- Bug bounty platform ZDI awarded $25m to researchers over the past 15 years
August 20, 2020
Bug bounty platform pioneer Zero-Day Initiative (ZDI) said it awarded more than $25 million in bounty rewards to security researchers over the past decade and a half. In an anniversary post celebrating its 15-year-old birthday, ZDI said the bounty rewards represent payments to more than 10,000 security researchers for more than 7,500 successful bug submissions. Most of ...
- Cisco Critical Flaw Patched in WAN Software Solution
August 19, 2020
Cisco patched a critical flaw in its wide area network (WAN) software solution for enterprises, which if exploited could give remote, unauthenticated attackers administrator privileges. The flaw exists in Cisco Virtual Wide Area Application Services (vWAAS), which is software that Cisco describes as a “WAN optimization solution.” It helps manage business applications that are being leveraged ...
- Researchers Warn of Flaw Affecting Millions of IoT Devices
August 19, 2020
Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by millions of Internet-of-Things (IoT) devices. If exploited, researchers speculated that the flaw could allow attackers to knock out a city’s electricity or even overdose a medical patient. The vulnerability exists in a widely used Cinterion module, a ...
- ‘EmoCrash’ Exploit Stoppered Emotet For 6 Months
August 17, 2020
A researcher was able to exploit a vulnerability in Emotet – effectively causing the infamous malware to crash and preventing it from infecting systems for six months. Emotet, which first emerged in 2014 and has since then evolved into a full fledged botnet that’s designed to steal account credentials and download further malware, mysteriously disappeared from ...