SimpleHelp Vulnerability Exploited Against Utility Billing Software Users

CISA warns that vulnerable SimpleHelp RMM instances have been exploited against a utility billing software provider’s customers.

Ransomware operators are exploiting a SimpleHelp vulnerability in attacks targeting the customers of a utility billing software provider, the US cybersecurity agency CISA warns.

The exploited bug, tracked as CVE-2024-57727 (CVSS score of 7.5), allows attackers to retrieve sensitive information such as credentials and API keys.

The security defect was patched in January along with two other flaws, CVE-2024-57728 and CVE-2024-57726, which allow attackers to upload arbitrary files and elevate their privileges to administrator.

CISA added CVE-2024-57727 to its Known Exploited Vulnerabilities (KEV) list in February, after threat actors were seen exploiting it to compromise devices running the SimpleHelp remote monitoring and management (RMM) software.

In late May, Sophos warned of a DragonForce ransomware attack compromising an MSP and its customers through the exploitation of a vulnerable SimpleHelp instance. CISA now ...