ConnectWise

ConnectWise

ConnectWise, which offers a self-hosted, remote desktop software application suffered an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link.

The warning comes just weeks after the company quietly patched a vulnerability that makes it easier for phishers to launch these attacks.

In October, ConnectWise learned that an attacker could craft a ConnectWise Control client download link that would bounce or proxy the remote connection from the MSP’s servers to a server that the attacker controls.

ConnectWise issued advisory warning users to be on guard against a new round email phishing attempts that mimic legitimate email alerts the company sends when it detects unusual activity on a customer account.

Source: https://krebsonsecurity.com/2022/12/connectwise-quietly-patches-flaw-that-helps-phishers/

"id": "CON01841222",
"linkid": "connectwise",
"type": "Vulnerability",
"date": "12/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.