ConnectWise is updating the digital signing certificates used in ScreenConnect, ConnectWise Automate, and ConnectWise RMM due to concerns raised by a third-party researcher about how ScreenConnect handled certain configuration data in earlier versions.
In addition to issuing new certificates, ConnectWise is releasing an update to improve how this configuration data is managed in ScreenConnect. This issue does not involve a compromise of their systems or certificates (including the event described in our May 28, 2025 Security Advisory). However, based on recent requirements from ConnectWise technology partners, they are required to rotate our certificates by Friday, June 13 at 8:00 p.m. ET. ConnectWise received this extended deadline Monday evening.
Read more…
Source: ConnectWise
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Microsoft Recall snapshots can be easily grabbed with TotalRecall tool
June 6, 2024
Microsoft’s Recall feature has been criticized heavily by pretty much everyone since it was announced last month. Now, researchers have demonstrated the risks by creating a tool that can find, extract, and display everything Recall has stored on a device. For those unaware, Recall is a feature within what Microsoft is calling its “Copilot+ PCs,” a ...
- Critical Path Traversal Vulnerability in Check Point Security Gateways (CVE-2024-24919)
June 5, 2024
The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is more severe than it initially appears. While labeled as a sensitive information disclosure vulnerability, it is actually a path traversal attack leading ...
- The Dreaded Network Pivot: An Attack Intelligence Story
June 4, 2024
Rapid7 recently released our 2024 Attack Intelligence Report, a 14-month deep dive into the vulnerability and attacker landscape. The spiritual successor to their annual Vulnerability Intelligence Report, the AIR includes data from the Rapid7 research team combined with their detection and response and threat intelligence teams. It is designed to provide the clearest view yet into ...
- The impact of legacy vulnerabilities in today’s cybersecurity landscape
June 4, 2024
Of the top five most widely used network attacks against SMBs, the ‘newest’ vulnerability represented were nearly three years old, while the oldest were over a decade old – which is primitive when considering the modern threat environment. The results are a clear reminder for CISOs and cybersecurity leaders that they must assess organizational threats based ...
- CVE-2024-24919: Check Point Security Gateway Information Disclosure
May 30, 2024
On May 28, 2024, Check Point published an advisory for CVE-2024-24919, a high-severity information disclosure vulnerability affecting Check Point Security Gateway devices configured with either the “IPSec VPN” or “Mobile Access” software blade. On May 29, 2024, security firm mnemonic published a blog reporting that they have observed in-the-wild exploitation of CVE-2024-24919 since April 30, 2024, ...
- Confluence Data Center and Server Remote Code Execution Vulnerability
May 30, 2024
The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in the Atlassian Confluence Data Center and Server, assessed its impact and developed mitigation measures. Confluence Server is a software to manage documentation and knowledge bases with an ubiquitous presence across the globe. Identified as CVE-2024-21683, Confluence Data Center and Server ...