Summary

CISA reports active exploitation of ConnectWise ScreenConnect (CVE-2024-1708) that allow for remote code execution and security mechanism bypasses. CISA is requiring patching by May 12, 2026.

Take Action:

If you're using ConnectWise ScreenConnect, update to the latest patched version ASAP. Your ScreenConnect is being actively exploited to deploy ransomware. If you can't patch right away, restrict access to the ScreenConnect server to trusted networks only and monitor for any signs of unauthorized access or suspicious activity.

Read the full article on BeyondMachines

This article was originally published on BeyondMachines