EXECUTIVE SUMMARY:
Researchers have identified a campaign exploiting SimpleHelp RMM software vulnerabilities, including CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, each with a CVSS score of 9.8. These flaws allow attackers to download and upload arbitrary files and escalate privileges, posing significant risks if combined. While it remains unconfirmed whether these vulnerabilities were directly exploited, the attack began via an active SimpleHelp process and involved unauthorized connections, reconnaissance, and eventual disruption before further escalation. Researchers emphasize the attractiveness of RMM tools for malicious use and recommend upgrading to patched versions, uninstalling unused clients, enhancing access controls, and monitoring network traffic for suspicious activity.
RECOMMENDATION:
We strongly recommend that you update SimpleHelp RMM software products to the version below:
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/simplehelp-rmm-vulnerabilities-exploited-in-latest-cyberattack-campaign/