Ransomware criminals have targeted customers of a utility billing software provider by exploiting the CVE-2024-57727 vulnerability in the SimpleHelp remote management tool. The flaw, which has affected versions 5.5.7 and lower, allows attackers to perform path traversal attacks. Despite a patch released in January 2025, many users remain unprotected. The CISA has issued warnings after attacks by the Play ransomware gang and others, indicating a troubling trend in exploiting unpatched software to disrupt services and carry out double extortion tactics.
Ransomware attackers are actively exploiting a high-severity vulnerability in SimpleHelp's remote management tool, resulting in service disruptions and double extortion incidents.
The CISA alert details that CVE-2024-57727 has been under attack since January 2025, leaving unpatched users vulnerable to severe ransomware threats.
Collection
[
|
...
]