A new phishing campaign targeting US healthcare and cryptocurrency sectors is exploiting vulnerabilities in remote support tool, ConnectWise ScreenConnect. Researchers found fraudulent websites that mimic cryptocurrency platforms and healthcare organizations, which, when interacted with, initiate the download of ScreenConnect client files, creating a potential entry point for hackers. Despite no detected active communication between servers and clients, the potential for data extraction or malware deployment remains high.
The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.
