Security News > 2022 > October > ConnectWise fixes RCE bug exposing R1Soft backup servers to attacks
ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions.
Affected software versions include ConnectWise Recover or earlier and R1Soft SBM v6.16.3 or earlier.
According to a Shodan scan, more than 4,800 Internet-exposed R1Soft servers are likely exposed to attacks if they haven't been patched since ConnectWise has released patches for this RCE bug.
"Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover," ConnectWise said.
On the other hand, R1Soft users were advised to "Upgrade the server backup manager to SBM v6.16.4 released October 28, 2022 using the R1Soft upgrade wiki."
The company also recommended patching all impacted R1Soft backup servers as soon as possible.
News URL
Related news
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Five backup lessons learned from the UnitedHealth ransomware attack (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)