Download PDF version Contact company
Related Links

Gotham Security, an Abacus Group company providing high-quality boutique cybersecurity services, has announced that its research team recently discovered two vulnerabilities in ConnectWise ScreenConnect, saving tens of thousands of enterprises from the possible consequences of a significant cyber-attack.

ConnectWise ScreenConnect is a remote-control software used by IT-managed service providers (MSPs) globally. Had Gotham Security not stepped in, therefore, and had a hacker identified the vulnerabilities as part of a zero-day attack, it would likely have led to MSPs and their clients being exposed to this zero-day vulnerability.

Gotham Security’s findings

ConnectWise then began the development of a security patch to handle both exposures

If the vulnerabilities were left unaddressed, bad actors would have been able to gain access to all workstations and servers with ScreenConnect from a local network and then escalate their privileges to be local administrators on the affected systems.

Gotham Security acted quickly to mitigate this possibility, rapidly developing a technical write-up about the vulnerabilities and disclosing it to ConnectWise in accordance with its Vulnerability Disclosure Policy. Within an hour of submission, ConnectWise had triaged the vulnerabilities and assigned security engineers to replicate Gotham Security’s findings. Later that same day, both findings were confirmed as valid. ConnectWise then initiated the development of a security patch to address both vulnerabilities.

Benefits of a partnership-based approach

Christian Scott, Chief Operating Officer and Chief Information Security Officer of Gotham Security said: “Our success in identifying and disclosing these vulnerabilities so quickly is a testament to the hard work and dedication of our team and just one more example of how our technical know and cyber-security research helps protect organisations worldwide.”

Scott added, “This incident shows the benefits of a partnership-based approach. ConnectWise was fast to engage and did a great job in responding to these vulnerabilities and pushing out a patch to rectify them as quickly as possible.”

Resolving software vulnerabilities

Abacus Group recognises the exceptional technical prowess of Gotham in the realm of security

Paul Ponzeka, Chief Technology Officer, Abacus Group, said: “Abacus Group recognises the exceptional technical prowess of Gotham in the realm of security. Gotham has demonstrated a unique capability in uncovering vulnerabilities at a speed that other boutique providers would struggle to match."

Our experience with Gotham goes beyond the superficial 'paper security' offered by others. Christian and his team have not only identified but also actively engaged in resolving software vulnerabilities, working directly with vendors. This hands-on approach and direct problem-solving attitude sets Gotham apart in the field of cybersecurity."

Author's quote

It also underlines the value of a tight coupling between an MSP like ourselves and a cybersecurity company like Gotham Security,” Ponzeka added.

Gotham Security’s close relationship with us allowed them to quickly develop and implement mitigation strategies to protect all of our customers while ConnectWise worked on developing a patch.”

Download PDF version Download PDF version

Related videos

Upgraded feature for Xesar - Now with smartphone as well!

Upgraded feature for Xesar - Now with smartphone as well!
Enhancing government security with proactive threat detection from Wavestore

Enhancing government security with proactive threat detection from Wavestore
Join the biggest hour for Earth

Join the biggest hour for Earth

In case you missed it

Real time crime centres - policing's new hub
Real time crime centres - policing's new hub

As city managers, law enforcement agencies, and first responders face mounting pressure to combat crime and respond to emergencies with limited resources, real-time crime centres e...

Mitigating cybersecurity risks in industrial control systems with Honeywell
Mitigating cybersecurity risks in industrial control systems with Honeywell

Cybersecurity threats targeting organisations' industrial control systems (ICS) are not always direct. Instead, the most vulnerable entries to an ICS can start with external partne...

Anviz transforms traditional property management into a smart reality, making digitisation more than just talk
Anviz transforms traditional property management into a smart reality, making digitisation more than just talk

The Middle East has recently expanded its real estate market as the region's economy grows and urbanisation accelerates. This trend has led to an increasing demand for smart securi...

Featured white papers
Access control system planning phase 2

Access control system planning phase 2

Download
Honeywell GARD USB threat report 2024

Honeywell GARD USB threat report 2024

Download
The role of artificial intelligence to transform video imaging

The role of artificial intelligence to transform video imaging

Download
SIA Identity and Biometrics Symposium

SIA Identity and Biometrics Symposium

Download
Artificial intelligence

Artificial intelligence

Download
Quick poll
Which feature is most important in a video surveillance system?
More corporate news
ISS enters into partnership agreement with Convergint

ISS enters into partnership agreement with Convergint
RISCO’s innovative tech included in Skills for Security curriculum to tackle skills crisis

RISCO’s innovative tech included in Skills for Security curriculum to tackle skills crisis
barox provides added value for IP video networks with integration to Geutebrück VMS

barox provides added value for IP video networks with integration to Geutebrück VMS
Featured products
Dahua Eyeball Network Camera with Advanced Detection

Dahua Eyeball Network Camera with Advanced Detection
Anviz AI-driven Fisheye Dome Network Camera

Anviz AI-driven Fisheye Dome Network Camera
Honeywell SMX: Cybersecurity for Operational Environments

Honeywell SMX: Cybersecurity for Operational Environments