ConnectWise Security Bulletin - ConnectWise Control Phishing Issue

07/02/2020
Products: ScreenConnect

Vulnerability Details:

CVSS Score: N/A

Description:

Phishing emails purporting to be ConnectWise Control have been sent to some partners in an attempt to spoof the Control login page and harvest user credentials.

Remediation:

This issue and a corresponding takedown request have been raised with Google, which is the hosting provider for the fake URL.

Workarounds and Mitigations:

Please validate the URL of any email received from a ConnectWise sender. Please do not click on any unknown links. Please report to your own internal IT/Security team if you have accessed a link similar to this and/or provided credentials.
The attached pictures below highlight what the phishing attempt looks like.

[Image: 0702-security-bulletin-control1.png]

[Image: 0702-security-bulletin-control2.png]

So far, we have verified three fake URLs that are the originating domains for the phishing emails, but we want to stress that there could be additional ones that are as yet unreported:

ivkpkt.connectwises.org

74gb.connectwises.org

g0vd.connectwises.org

The phishing email link, if clicked, will take the user to the following fake URL:

cloud.screenconnecte.com/#/
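
To check whether anyone in your environment received or followed these links, mail-gateway and proxy logs can be swept for the indicators above. The following is an added example, not ConnectWise code: it matches on the parent domains `connectwises.org` and `screenconnecte.com` so that subdomains not yet reported are also caught. The log format, the `zz9` subdomain and the `example.test` hosts are constructed for illustration.

```python
import re

# Parent domains taken from the indicators in this bulletin. Matching on the
# parent also flags subdomains that have not been reported yet.
PHISHING_PARENTS = ("connectwises.org", "screenconnecte.com")

# A hostname: dot-separated labels ending in an alphabetic TLD, not glued to
# surrounding hostname characters.
HOST_RE = re.compile(
    r"(?<![a-z0-9.-])((?:[a-z0-9-]+\.)+[a-z]{2,})(?![a-z0-9-])", re.I)

def refang(text):
    """Undo common defanging so indicators pasted from reports still match."""
    return text.replace("[.]", ".").replace("hxxp", "http")

def is_phishing_host(host):
    """True if host is one of the parent domains or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == p or host.endswith("." + p) for p in PHISHING_PARENTS)

def scan(lines):
    """Return (line_number, host) for every indicator hit in the log lines."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        for host in HOST_RE.findall(refang(line)):
            if is_phishing_host(host):
                hits.append((lineno, host.lower()))
    return hits

# Constructed sample log lines (assumed format, not real data).
SAMPLE_LOG = [
    '2020-07-02T09:14:03Z mail from=<noreply@ivkpkt.connectwises.org> to=<tech@example.test>',
    '2020-07-02T09:15:40Z proxy GET https://cloud.screenconnecte.com/#/ user=jdoe',
    '2020-07-02T09:16:02Z mail from=<billing@zz9.connectwises[.]org> to=<ops@example.test>',
    # Indicator used as a prefix of another domain: not a subdomain, no hit.
    '2020-07-02T09:17:11Z proxy GET https://connectwises.org.example.test/login user=asmith',
    # Not in the indicator list: no hit.
    '2020-07-02T09:18:25Z proxy GET https://www.connectwise.com/ user=asmith',
]

if __name__ == "__main__":
    for lineno, host in scan(SAMPLE_LOG):
        print(f"line {lineno}: {host}")
```

Any hit should be handled as the bulletin describes: report it to your internal IT/Security team and treat credentials entered on the fake page as exposed.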