RMM
Hackers use RMM tools to breach freighters and steal cargo shipments
Threat actors are targeting freight brokers and trucking carriers with malicious links and emails to deploy remote monitoring and management tools (RMMs) that enable them to hijack cargo and steal physical goods. Researchers tracked the activity to June, but they found evidence of these types of campaigns delivering NetSupport and ScreenConnect since January. According to email security […]
CISA warns of N-able N-central flaws exploited in zero-day attacks
CISA warned on Wednesday that attackers are actively exploiting two security vulnerabilities in N‑able’s N-central remote monitoring and management (RMM) platform. N-central is commonly used by managed services providers (MSPs) and IT departments to monitor, manage, and maintain client networks and devices from a centralized web-based console. According to CISA, the two flaws can allow […]
Hackers turn ScreenConnect into malware using Authenticode stuffing
Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client’s Authenticode signature. ConnectWise ScreenConnect is a remote monitoring and management (RMM) software that allows IT admins and managed service providers (MSPs) to troubleshoot devices remotely. When a ScreenConnect installer is built, it can be customized […]
ConnectWise breached in cyberattack linked to nation-state hackers
IT management software firm ConnectWise says a suspected state-sponsored cyberattack breached its environment and impacted a limited number of ScreenConnect customers. “ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation state actor, which affected a very small number of ScreenConnect customers,” ConnectWise shared in a brief advisory. […]
DragonForce ransomware abuses SimpleHelp in MSP supply chain attack
The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers’ systems. Sophos was brought in to investigate the attack and believe the threat actors exploited a chain of older SimpleHelp vulnerabilities tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726 to […]
Kickidler employee monitoring software abused in ransomware attacks
Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims’ activity, and harvesting credentials after breaching their networks. In attacks observed by cybersecurity companies Varonis and Synacktiv, Qilin and Hunters International ransomware affiliates installed Kickidler, an employee monitoring tool that can capture keystrokes, take screenshots, and create videos of the screen. Kickidler’s developer says the tool […]