IOC.exchange

0 posts0 participants0 posts today

The New OilHackers turn <a href="https://mastodon.thenewoil.org/tags/ScreenConnect" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ScreenConnect</a> into <a href="https://mastodon.thenewoil.org/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a> using <a href="https://mastodon.thenewoil.org/tags/Authenticode" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Authenticode</a> stuffing<a href="https://www.bleepingcomputer.com/news/security/hackers-turn-screenconnect-into-malware-using-authenticode-stuffing/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/hackers-turn-screenconnect-into-malware-using-authenticode-stuffing/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mastodon.thenewoil.org/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a>

Pyrzout :vm:Hackers Abuse ConnectWise to Hide Malware <a href="https://www.securityweek.com/hackers-abuse-connectwise-to-hide-malware/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.securityweek.com/hackers-abuse-connectwise-to-hide-malware/</a> <a href="https://social.skynetcloud.site/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a>&Threats <a href="https://social.skynetcloud.site/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://social.skynetcloud.site/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#malware</a>

OTX BotThreat Actors abuse signed ConnectWise application as malware builderSince March 2025, there has been an increase in infections using validly signed ConnectWise samples. Threat actors are exploiting ConnectWise's authenticode stuffing practices to create and distribute their own signed malware. The malicious samples use modified settings in the certificate table to influence critical behavior and user interface elements, such as connection URLs, ports, icons, and messages. This allows attackers to disguise their remote access tools as legitimate software or fake Windows updates. The article provides recommendations for threat detection and prevention, including specific app.config settings to look out for and a YARA rule for detection.Pulse ID: 685ab6d77ee3c365bdf52af2 Pulse Link: <a href="https://otx.alienvault.com/pulse/685ab6d77ee3c365bdf52af2" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://otx.alienvault.com/pulse/685ab6d77ee3c365bdf52af2</a> Pulse Author: AlienVault Created: 2025-06-24 14:31:51Be advised, this data is unverified and should be considered preliminary. Always do further verification.<a href="https://social.raytec.co/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://social.raytec.co/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://social.raytec.co/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://social.raytec.co/tags/Malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Malware</a> <a href="https://social.raytec.co/tags/OTX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OTX</a> <a href="https://social.raytec.co/tags/OpenThreatExchange" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenThreatExchange</a> <a href="https://social.raytec.co/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a href="https://social.raytec.co/tags/bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bot</a> <a href="https://social.raytec.co/tags/AlienVault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AlienVault</a>

flagthisConnectWise rotates ScreenConnect code signing certificates; update to latest build by deadline to avoid service disruption. <a href="https://ioc.exchange/tags/ConnectWise" class="mention hashtag" rel="tag">#ConnectWise</a> <a href="https://ioc.exchange/tags/ScreenConnect" class="mention hashtag" rel="tag">#ScreenConnect</a> <a href="https://ioc.exchange/tags/Cybersecurity" class="mention hashtag" rel="tag">#Cybersecurity</a> More details: <a href="https://thehackernews.com/2025/06/connectwise-to-rotate-screenconnect.html" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://thehackernews.com/2025/06/connectwise-to-rotate-screenconnect.html</a> - <a href="https://www.flagthis.com/news/16682" target="_blank" rel="nofollow noopener noreferrer" translate="no">https://www.flagthis.com/news/16682</a>

The New Oil<a href="https://mastodon.thenewoil.org/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> rotating code signing certificates over security concerns<a href="https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-signing-certificates-over-security-concerns/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-signing-certificates-over-security-concerns/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Pyrzout :vm:ConnectWise to Rotate Code-Signing Certificates – Source: www.darkreading.com <a href="https://ciso2ciso.com/connectwise-to-rotate-code-signing-certificates-source-www-darkreading-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/connectwise-to-rotate-code-signing-certificates-source-www-darkreading-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/DarkReadingSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DarkReadingSecurity</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://social.skynetcloud.site/tags/DARKReading" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DARKReading</a>

Pyrzout :vm:Connectwise is rotating code signing certificates. What happened? <a href="https://www.helpnetsecurity.com/2025/06/11/connectwise-is-rotating-code-signing-certificates-what-happened/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/06/11/connectwise-is-rotating-code-signing-certificates-what-happened/</a> <a href="https://social.skynetcloud.site/tags/securityupdate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#securityupdate</a> <a href="https://social.skynetcloud.site/tags/certificates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#certificates</a> <a href="https://social.skynetcloud.site/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://social.skynetcloud.site/tags/CyberProof" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberProof</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hotstuff</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://social.skynetcloud.site/tags/LUMU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LUMU</a>

Zeljka ZorzConnectWise is rotating code signing certificates. What happened?<a href="https://www.helpnetsecurity.com/2025/06/11/connectwise-is-rotating-code-signing-certificates-what-happened/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/06/11/connectwise-is-rotating-code-signing-certificates-what-happened/</a><a href="https://infosec.exchange/tags/Cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cybersecurity</a> <a href="https://infosec.exchange/tags/Connectwise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Connectwise</a>

Andrew 🌻 Brandt 🐇What a wonderful thing to find out while on vacation that my phone is blowing up because a news article about <a href="https://infosec.exchange/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> published yesterday (<a href="https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-signing-certificates-over-security-concerns/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/connectwise-rotating-code-signing-certificates-over-security-concerns/</a>) referenced something I posted here in April (<a href="https://infosec.exchange/@threatresearch/114315246724920453" translate="no" rel="nofollow noopener noreferrer" target="_blank">https://infosec.exchange/@threatresearch/114315246724920453</a>). (Thanks, Bill ❤️ & <a href="https://infosec.exchange/@BleepingComputer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@BleepingComputer</a>)

Günter Born<a href="https://social.tchncs.de/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> is changing server certificates on June 10, 2025, client updates required, although some updates still not ready.<a href="https://borncity.com/win/2025/06/09/connectwise-updates-server-certificates-update-your-software-before-june-10-2025/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://borncity.com/win/2025/06/09/connectwise-updates-server-certificates-update-your-software-before-june-10-2025/</a>

Günter BornNutzt wer <a href="https://social.tchncs.de/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> Produkte? Die wechseln die Zertifikate zum 10.6.2025, also updaten (wobei die Produkte noch nicht alle aktuell sind).<a href="https://www.borncity.com/blog/2025/06/09/connectwise-screenconnect-dringend-vor-dem-10-juni-2025-updaten/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.borncity.com/blog/2025/06/09/connectwise-screenconnect-dringend-vor-dem-10-juni-2025-updaten/</a>

Marcel SIneM(S)USAngriffe laufen: <a href="https://social.tchncs.de/tags/Connectwise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Connectwise</a>, <a href="https://social.tchncs.de/tags/CraftCMS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CraftCMS</a> und <a href="https://social.tchncs.de/tags/Asus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Asus</a>-Router im Visier | Security <a href="https://www.heise.de/news/Warnung-vor-Angriffen-auf-Connectwise-Craft-CMS-und-Asus-Router-10424978.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.heise.de/news/Warnung-vor-Angriffen-auf-Connectwise-Craft-CMS-und-Asus-Router-10424978.html</a> <a href="https://social.tchncs.de/tags/Patchday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Patchday</a>

Marcel SIneM(S)USIT-Vorfall bei <a href="https://social.tchncs.de/tags/Connectwise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Connectwise</a>: Staatliche Cyberkriminelle eingebrochen | Security <a href="https://www.heise.de/news/IT-Vorfall-bei-Connectwise-Staatliche-Cyberkriminelle-eingebrochen-10425193.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.heise.de/news/IT-Vorfall-bei-Connectwise-Staatliche-Cyberkriminelle-eingebrochen-10425193.html</a> <a href="https://social.tchncs.de/tags/CyberCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberCrime</a>

The New Oil<a href="https://mastodon.thenewoil.org/tags/CISA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CISA</a> warns of <a href="https://mastodon.thenewoil.org/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://mastodon.thenewoil.org/tags/ScreenConnect" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ScreenConnect</a> bug exploited in attacks<a href="https://www.bleepingcomputer.com/news/security/cisa-warns-of-connectwise-screenconnect-bug-exploited-in-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/cisa-warns-of-connectwise-screenconnect-bug-exploited-in-attacks/</a><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Pyrzout :vm:Attackers breached ConnectWise, compromised customer ScreenConnect instances <a href="https://www.helpnetsecurity.com/2025/06/02/attackers-breached-connectwise-compromised-customer-screenconnect-instances/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/06/02/attackers-breached-connectwise-compromised-customer-screenconnect-instances/</a> <a href="https://social.skynetcloud.site/tags/government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#government</a>-backedattacks <a href="https://social.skynetcloud.site/tags/cyberespionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cyberespionage</a> <a href="https://social.skynetcloud.site/tags/remoteaccess" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#remoteaccess</a> <a href="https://social.skynetcloud.site/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://social.skynetcloud.site/tags/techsupport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#techsupport</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hotstuff</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#News</a> <a href="https://social.skynetcloud.site/tags/MSP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MSP</a>

RF Wave🚨 ConnectWise has revealed they were breached 🚨Timing: unknownImpact: - A small number of customers were affectedAttack: - Believed to be a state-sponsored threat actor - Likely exploited vulnerability in ScreenConnect, CVE-2025-3935Response: - Working with Mandiant to investigate - Contacted affected customers and law enforcement<a href="https://mstdn.ca/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://mstdn.ca/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://mstdn.ca/tags/breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#breach</a><a href="https://www.bleepingcomputer.com/news/security/connectwise-breached-in-cyberattack-linked-to-nation-state-hackers/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.bleepingcomputer.com/news/security/connectwise-breached-in-cyberattack-linked-to-nation-state-hackers/</a>

Pyrzout :vm:ConnectWise Breached, ScreenConnect Customers Targeted – Source: www.darkreading.com <a href="https://ciso2ciso.com/connectwise-breached-screenconnect-customers-targeted-source-www-darkreading-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/connectwise-breached-screenconnect-customers-targeted-source-www-darkreading-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/DarkReadingSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DarkReadingSecurity</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://social.skynetcloud.site/tags/DARKReading" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DARKReading</a>

Pyrzout :vm:ConnectWise customers get mysterious warning about ‘sophisticated’ nation-state hack – Source: go.theregister.com <a href="https://ciso2ciso.com/connectwise-customers-get-mysterious-warning-about-sophisticated-nation-state-hack-source-go-theregister-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/connectwise-customers-get-mysterious-warning-about-sophisticated-nation-state-hack-source-go-theregister-com/</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/TheRegisterSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TheRegisterSecurity</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://social.skynetcloud.site/tags/TheRegister" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TheRegister</a>

Pyrzout :vm:ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor – Source: securityaffairs.com <a href="https://ciso2ciso.com/connectwise-suffered-a-cyberattack-carried-out-by-a-sophisticated-nation-state-actor-source-securityaffairs-com/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ciso2ciso.com/connectwise-suffered-a-cyberattack-carried-out-by-a-sophisticated-nation-state-actor-source-securityaffairs-com/</a> <a href="https://social.skynetcloud.site/tags/ConnectWiseScreenConnect" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWiseScreenConnect</a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#rssfeedpostgeneratorecho</a> <a href="https://social.skynetcloud.site/tags/informationsecuritynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#informationsecuritynews</a> <a href="https://social.skynetcloud.site/tags/ITInformationSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITInformationSecurity</a> <a href="https://social.skynetcloud.site/tags/SecurityAffairscom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityAffairscom</a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurityNews</a> <a href="https://social.skynetcloud.site/tags/PierluigiPaganini" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PierluigiPaganini</a> <a href="https://social.skynetcloud.site/tags/SecurityAffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityAffairs</a> <a href="https://social.skynetcloud.site/tags/SecurityAffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityAffairs</a> <a href="https://social.skynetcloud.site/tags/BreakingNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BreakingNews</a> <a href="https://social.skynetcloud.site/tags/SecurityNews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityNews</a> <a href="https://social.skynetcloud.site/tags/ConnectWise" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConnectWise</a> <a href="https://social.skynetcloud.site/tags/hackingnews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hackingnews</a>

Recent searches

Search options

Administered by:

Server stats:

#ConnectWise