Download PDF version Contact company

Gotham Security, an Abacus Group company providing high-quality boutique cybersecurity services, has announced that its research team recently discovered two vulnerabilities in ConnectWise ScreenConnect, saving tens of thousands of enterprises from the possible consequences of a significant cyber-attack.

ConnectWise ScreenConnect is a remote-control software used by IT-managed service providers (MSPs) globally. Had Gotham Security not stepped in, therefore, and had a hacker identified the vulnerabilities as part of a zero-day attack, it would likely have led to MSPs and their clients being exposed to this zero-day vulnerability.

Gotham Security’s findings

ConnectWise then began the development of a security patch to handle both exposures

If the vulnerabilities were left unaddressed, bad actors would have been able to gain access to all workstations and servers with ScreenConnect from a local network and then escalate their privileges to be local administrators on the affected systems.

Gotham Security acted quickly to mitigate this possibility, rapidly developing a technical write-up about the vulnerabilities and disclosing it to ConnectWise in accordance with its Vulnerability Disclosure Policy. Within an hour of submission, ConnectWise had triaged the vulnerabilities and assigned security engineers to replicate Gotham Security’s findings. Later that same day, both findings were confirmed as valid. ConnectWise then initiated the development of a security patch to address both vulnerabilities.

Benefits of a partnership-based approach

Christian Scott, Chief Operating Officer and Chief Information Security Officer of Gotham Security said: “Our success in identifying and disclosing these vulnerabilities so quickly is a testament to the hard work and dedication of our team and just one more example of how our technical know and cyber-security research helps protect organisations worldwide.”

Scott added, “This incident shows the benefits of a partnership-based approach. ConnectWise was fast to engage and did a great job in responding to these vulnerabilities and pushing out a patch to rectify them as quickly as possible.”

Resolving software vulnerabilities

Abacus Group recognises the exceptional technical prowess of Gotham in the realm of security

Paul Ponzeka, Chief Technology Officer, Abacus Group, said: “Abacus Group recognises the exceptional technical prowess of Gotham in the realm of security. Gotham has demonstrated a unique capability in uncovering vulnerabilities at a speed that other boutique providers would struggle to match."

Our experience with Gotham goes beyond the superficial 'paper security' offered by others. Christian and his team have not only identified but also actively engaged in resolving software vulnerabilities, working directly with vendors. This hands-on approach and direct problem-solving attitude sets Gotham apart in the field of cybersecurity."

Author's quote

It also underlines the value of a tight coupling between an MSP like ourselves and a cybersecurity company like Gotham Security,” Ponzeka added.

Gotham Security’s close relationship with us allowed them to quickly develop and implement mitigation strategies to protect all of our customers while ConnectWise worked on developing a patch.”

Download PDF version Download PDF version

In case you missed it

How can the industry do a better job of promoting emerging technologies in physical security environments?
How can the industry do a better job of promoting emerging technologies in physical security environments?

By all accounts, technology development is moving at a rapid pace in today's markets, including the physical security industry. However, market uptake of the newest technologies ma...

Dahua & KITT Engineering's LED screen innovations
Dahua & KITT Engineering's LED screen innovations

About a year and a half ago, Peter de Jong introduced Dahua to Fred Koks, General Manager of KITT Engineering. Since then, Dahua, KITT Engineering, and Ocean Outdoor have complete...

Protect assets with BCD's hybrid cloud NVR solutions
Protect assets with BCD's hybrid cloud NVR solutions

Like any retail franchise, car dealerships that have multiple locations nationwide require comprehensive, reliable, and scalable video surveillance solutions to protect their busin...

Quick poll
What is the most significant challenge facing smart building security today?