ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
In addition to issuing new certificates, ConnectWise is releasing an update to improve how this configuration data is managed in ScreenConnect. This issue does not involve a compromise of their systems or certificates (including the event described in our May 28, 2025 Security Advisory). However, based on recent requirements from ConnectWise technology partners, they are required to rotate our certificates by Friday, June 13 at 8:00 p.m. ET. ConnectWise received this extended deadline Monday evening.
Read more…
Source: ConnectWise
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Critical flaw leaves thousands of Cisco Switches vulnerable to remote hacking
April 4, 2018
Security researchers at Embedi have disclosed a critical vulnerability in Cisco IOS Software and Cisco IOS XE Software that could allow an unauthenticated, remote attacker to execute arbitrary code, take full control over the vulnerable network equipment and intercept traffic. The stack-based buffer overflow vulnerability (CVE-2018-0171) resides due to improper validation of packet data in Smart ...
- New MacOS Backdoor Linked to OceanLotus Found
April 4, 2018
We identified a MacOS backdoor (detected by Trend Micro as OSX_OCEANLOTUS.D) that we believe is the latest version of a threat used by OceanLotus (a.k.a. APT 32, APT-C-00, SeaLotus, and Cobalt Kitty). OceanLotus was responsible for launching targeted attacks against human rights organizations, media organizations, research institutes, and maritime construction firms. The attackers behind OSX_OCEANLOTUS.D target MacOS computers which have ...
- Cryptocurrency Miner Distributed via PHP Weathermap Vulnerability, Targets Linux Servers
March 21, 2018
Legitimate and large-scale cryptocurrency mining operations often invest in dedicated hardware and electric consumption to make a profit. This doesn’t escape the attention of cybercriminals: Malicious cryptocurrency mining was so pervasive last year that it was the most detected network event in devices connected to home routers. Through our incident response-related monitoring, we observed intrusion attempts whose indicators we’ve been able to ...
- Windows Remote Assistance Exploit Lets Hackers Steal Sensitive Files
March 20, 2018
You have always been warned not to share remote access to your computer with untrusted people for any reason—it’s a basic cybersecurity advice, and common sense, right? But what if, I say you should not even trust anyone who invites or offer you full remote access to their computers. A critical vulnerability has been discovered in Microsoft’s Windows ...
- AMD Acknowledges Newly Disclosed Flaws In Its Processors — Patches Coming Soon
March 20, 2018
MD has finally acknowledged 13 critical vulnerabilities, and exploitable backdoors in its Ryzen and EPYC processors disclosed earlier this month by Israel-based CTS Labs and promised to roll out firmware patches for millions of affected devices ‘in the coming weeks.’ According to CTS-Labs researchers, critical vulnerabilities (RyzenFall, MasterKey, Fallout, and Chimera) that affect AMD’s Platform Security ...
- Spring break! Critical vuln in Pivotal framework’s Data parts plugged
March 5, 2018
Pivotal’s Spring Data REST project has a serious security hole that needs patching. Pivotal’s Spring Framework is a popular platform for building web apps. Spring Data REST is a collection of additional components for devs to build Java applications that offer RESTful APIs to underlying Spring Data repositories. These interfaces are widely used. Read more… Source: The Register