"Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws"

According to security researchers at Trend Micro, more threat actors have started exploiting two recently resolved vulnerabilities in the ConnectWise ScreenConnect remote desktop access software. The issues, tracked as CVE-2024-1709 (CVSS score of 10) and CVE-2024-1708 (CVSS score of 8.4), are described as an authentication bypass flaw and a path traversal bug, respectively. The researchers noted that ConnectWise disclosed the security defects on February 19, when it announced patches for them. Two days later, the company updated its advisory to warn of ongoing exploitation. A proof-of-concept (PoC) exploit targeting the flaws, collectively referred to as SlashAndGrab, was made public last week, and threat actors quickly started exploiting them for malware delivery. The researchers have observed that more cybercrime groups, including the Black Basta and Bl00dy ransomware groups, have begun exploiting the flaws. Following initial access to vulnerable servers, Black Basta was seen performing reconnaissance, discovery, and privilege escalation activities and deploying Cobalt Strike payloads.

 

SecurityWeek reports: "Black Basta, Bl00dy Ransomware Exploiting Recent ScreenConnect Flaws"

Submitted by Adam Ekwall on