Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)

ConnectWise ScreenConnect, a widely used remote desktop product, has recently been found vulnerable to two critical security flaws, assigned CVE numbers CVE-2024-1709 and CVE-2024-1708. These vulnerabilities, if exploited, can lead to remote code execution, potentially compromising sensitive data and critical systems. What’s more alarming is that reports are indicating active exploitation of these vulnerabilities in the wild.

Practical Steps to Prevent SQL Injection Vulnerabilities

In today's digital landscape, web applications and APIs are constantly under threat from malicious actors looking to exploit vulnerabilities. A common and dangerous attack is a SQL injection. In this blog, we will explore SQL injection vulnerabilities and attacks, understand their severity levels, and provide practical steps to prevent them. By implementing these best practices, you can enhance the security of your web applications and APIs.

Critical Authentication Bypass Vulnerability in ScreenConnect (CVE-2024-1709)

ConnectWise urges organizations using an on-premises installation of the ScreenConnect remote monitoring and management software (formerly known as ConnectWise Control) to update servers to version 23.9.8 immediately due to a critical remote code execution vulnerability. The ScreenConnect remote desktop product is at risk due to a pair of vulnerabilities: CVE-2024-1709 and CVE-2024-1708.

Copilot amplifies insecure codebases by replicating vulnerabilities in your projects

Did you know that GitHub Copilot may suggest insecure code if your existing codebase contains security issues? On the other hand, if your codebase is already highly secure, Copilot is less likely to generate code with security issues. AI coding assistants can suggest insecure code due to their limited understanding of your specific codebase. They imitate learned patterns or utilize available context without providing judgment.

Conversations with Charlotte AI: Vulnerabilities on Internet-Facing Hosts

With Charlotte AI, the information security analysts need to stop breaches is simply a question away. Watch how analysts are turning hours of work into minutes and seconds — getting the context they need to identify vulnerabilities on internet-facing hosts.

CVE-2024-1709 & CVE-2024-1708: Follow-Up: Active Exploitation and PoCs Observed for Critical ScreenConnect Vulnerabilities

On February 20, 2024, we published a security bulletin detailing newly disclosed authentication bypass and path traversal vulnerabilities in ConnectWise ScreenConnect. Shortly after the bulletin was sent, ConnectWise updated their security bulletin with IOCs from observed active exploitation of these vulnerabilities. On February 21, 2024, the vulnerabilities were assigned the following CVE numbers.

How to build a modern DevSecOps culture: Lessons from Jaguar Land Rover and Asda

People, processes, and tooling all impact an organization’s ability to maintain a strong AppSec program. In a recent panel at Black Hat Europe, Snyk spoke with two customers — Jaguar Land Rover (JLR) and Asda — about the unique challenges they face managing development teams, onboarding new security tools, and building a modern DevSecOps program throughout their organizations.

ConnectWise Vulnerability: Authentication Bypass in ScreenConnect

Widespread exploitation of these vulnerabilities in the wild has been confirmed including comprise of UnitedHealth’s Change Healthcare on February 22nd, by Lockbit. Sophos has confirmed various strains of malware using these vulnerabilities as part of delivery including LockBit ransomware, AsyncRAT, infostealers, etc.

A Grim Outlook for Microsoft with MonikerLink and Exchange Vulnerabilities

Microsoft's Patch Tuesday updates in February 2024 include critical fixes for two zero-day vulnerabilities: CVE-2024-21413 impacting Microsoft Outlook (called MonikerLink) and CVE-2024-21410 impacting Microsoft Exchange Server. The former allows remote code execution to access and leak privileged information, while the latter permits privilege escalation (potentially using credentials leaked by the former). These security risks expose a victim's machine to potentially malicious arbitrary code execution.

Troubleshooting Vulnerability Scan Failures: A Quick Guide

In the digital age, assuring the security and integrity of IT infrastructure is paramount for businesses of all sizes. Vulnerability scanning plays a crucial role in identifying weaknesses in systems and networks, and forms the backbone of any robust cybersecurity strategy. What happens, however, when this critical step fails or encounters issues?