The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a cybersecurity advisory warning of ransomware hackers leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. The incident reflects a broader pattern of ransomware hackers targeting organizations through unpatched versions of SimpleHelp RMM since January this year. Critical infrastructure organizations have been urged to apply mitigations.
SimpleHelp versions 5.5.7 and earlier contain multiple vulnerabilities, including CVE-2024-57727, a path traversal flaw. Ransomware actors likely exploited this vulnerability to compromise unpatched remote monitoring and management (RMM) instances, leading to service disruptions and double extortion attacks. The CISA added CVE-2024-57727 to its Known Exploited Vulnerabilities Catalog in February this year.
CISA noted that if SimpleHelp is embedded or bundled in vendor-owned software or if a third-party service provider leverages SimpleHelp on a downstream customer’s network, then identify the SimpleHelp server version at prior is found…
