#CVE-2024-1709
Live dump of random #CTI / #ThreatIntel as I go through #KittenBusters
1/ If you see the username uuminder in your network and specifically in your ScreenConnect please send my regards to your new Iranian friend. for real hello the PWD is U123um10nder
#CVE-2024-1709 #APT35 @campuscodi.risky.biz
October 6, 2025 at 6:59 AM
🚨 New CISA Vulnerability Alert 🚨

CRITICAL: Authentication bypass using an alternate path or channel

CVE-2024-1709

Authentication bypass using an alternate path or channel - CyberAlerts
View detailed information about CVE-2024-1709 on CyberAlerts
cyberalerts.io
July 28, 2025 at 11:40 PM
Critical infrastructure alert: Medusa ransomware is hitting healthcare, education, and manufacturing with triple extortion tactics. Over 300 orgs compromised. Patch ScreenConnect (CVE-2024-1709) and Fortinet EMS (CVE-2023-48788). CISA advisory details defenses: Read More
March 29, 2025 at 1:20 AM
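According to US CISA and MS-ISAC, the Medusa ransomware group has attacked more than 300 organizations in critical infrastructure sectors. The group exploits the ScreenConnect vulnerability CVE-2024-1709 and the Fortinet vulnerability CVE-2023-48788. therecord.media/medusa-ranso...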
CISA: More than 300 critical infrastructure orgs attacked by Medusa ransomware
An advisory from the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) on Wednesday said the group and its affiliates h...
therecord.media
March 12, 2025 at 10:34 PM
ScreenConnect RMM tool exploited for persistent access. Attackers use social engineering, modified installers, and vulnerabilities (e.g., CVE-2024-1709) & malicious domains. Strong security & threat intelligence are crucial for mitigation. #ScreenConnectExploit
February 7, 2025 at 4:30 AM
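Critical vulnerabilities in SimpleHelp remote support software

The year 2024 opened with notable zero-day vulnerabilities affecting popular remote support/access software: CVE-2024-1708 and CVE-2024-1709 affecting ConnectWise ScreenConnect, and CVE-2024-12356 and CVE-2024-12686 affecting BeyondTrust products. These vulnerabilities have been exploited in the wild and are on CISA's Known Exploited Vulnerabilities list.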

www.horizon3.ai/attack-resea...
Critical Vulnerabilities in SimpleHelp Remote Support Software
SimpleHelp remote support software is susceptible to critical vulnerabilities that could allow full takeover of SimpleHelp servers. Users of SimpleHelp should upgrade to the latest version ASAP.
www.horizon3.ai
February 1, 2025 at 12:40 AM
Rapid7 MDR reveals the most commonly exploited CVEs from January to November 2024:
CVE-2024-3400
CVE-2024-24919
CVE-2024-1709
CVE-2023-48788
CVE-2023-48365
CVE-2023-36025

Regular patching and MFA remain some of the strongest protections.

australiancybersecuritymagazine.com.au/rapid7-revea...
Rapid7 Reveals 2024 Threat Landscape Statistics - Australian Cyber Security Magazine
Now we’ve reached the end of another year, you may be looking around the cybersecurity infosphere and seeing a glut of posts offering hot takes on the 2024 threat landscape and predictions about what’...
australiancybersecuritymagazine.com.au
January 27, 2025 at 6:59 AM

#NorthKorean hackers exploit ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 & CVE-2024-1709) to deploy TODDLERSHARK malware, adding to the notorious Kimsuky arsenal alongside BabyShark and ReconShark. #malware
thehackernews.com/2024/03/hack...
Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware
North Korean hackers exploit ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708 & CVE-2024-1709) to deploy TODDLERSHARK malware.
thehackernews.com
March 6, 2024 at 8:37 PM
"TODDLERSHARK: ScreenConnect Vulnerability Exploited to Deploy BABYSHARK Variant" published by Kroll. #TODDLERSHARK, #CVE-2024-1709, #CVE-2024-1708, #KTA082, #CTI, #OSINT, #LAZARUS https://www.kroll.com/en/insights/publications/cyber/screenconnect-vulnerability-exploited-to-deploy-babyshark
March 5, 2024 at 12:30 PM
A Catastrophe For Control: Understanding the ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
dlvr.it
February 28, 2024 at 6:04 AM
CVE-2024-1709 and CVE-2024-1708 (auth bypass and path traversal in ScreenConnect) abuse in the wild:

www.huntress.com/blog/slashan...
SlashAndGrab: ScreenConnect Post-Exploitation in the Wild (CVE-2024-1709 & CVE-2024-1708)
Adversaries have been VERY busy in the wake of the ScreenConnect vulnerabilities (CVE-2024-1709 & CVE-2024-1708). Here’s all the post-exploitation details, tradecraft, and tactics we’ve observed so fa...
www.huntress.com
February 26, 2024 at 2:32 PM
You can now also track ConnectWise ScreenConnect CVE-2024-1709 exploitation attempts (by unique source IPs attacking) as seen by our sensors on our Dashboard -
dashboard.shadowserver.org/statistics/h...
February 23, 2024 at 9:50 AM
Security alert 🔒: Critical flaws CVE-2024-1709 and CVE-2024-1708 in ConnectWise. Patch quickly! #CyberAlerte
👉 https://www.lemagit.fr/actualites/366570873/Administration-a-distance-ConnectWise-ScreenConnect-a-patcher-durgence
February 22, 2024 at 7:35 PM
CVE-2024-1709 is also now on the US CISA Cyber KEV list - cisa.gov/known-exploi...

Vendor advisory connectwise.com/company/trus...

If you receive an alert from us on your instances, assume compromise.
Cloud partner summary: Cloud partners are remediated against both vulnerabilities reported on February 19. No further action is required from any cloud partner (“screenconnect.com” cloud and “hostedrmm.com”).
connectwise.com
February 22, 2024 at 7:25 PM
Data has been shared tagged as "vulnerable-screenconnect" but will be tagged "cve-2024-1709" starting from today's scans, now that a CVE has been assigned: shadowserver.org/what-we-do/n...

World map: dashboard.shadowserver.org/statistics/c...

Tree map: dashboard.shadowserver.org/statistics/c...
CRITICAL: Vulnerable HTTP Report | The Shadowserver Foundation
DESCRIPTION LAST UPDATED: 2024-02-21 DEFAULT SEVERITY LEVEL: CRITICAL This report identifies hosts that have the Hypertext Transfer Protocol (HTTP) service running on some port that may have a vulnera...
shadowserver.org
February 22, 2024 at 7:24 PM
We've improved the scanning/detection for vulnerable instances of ConnectWise ScreenConnect (CVE-2024-1709/CVE-2024-1708) - we now see over 8200 vulnerable instances (on 2024-02-21).

CVE-2024-1709 is widely exploited in the wild - 643 IPs seen attacking to date by our sensors.
February 22, 2024 at 7:23 PM