215/68 Monday, June 16, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a security alert on June 12, warning that ransomware groups are actively exploiting a critical vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software to breach victims in supply chain-style attacks. The flaw, tracked as CVE-2024-57727, affects SimpleHelp versions 5.5.7 and earlier and allows unauthenticated attackers to download sensitive files directly from vulnerable servers, including system configuration files and hashed user passwords.
Although the vulnerability was disclosed in January 2025 and a patch was released shortly thereafter, CISA reports that many organizations have yet to apply the fix, leaving them exposed to ongoing attacks. The victims include utility billing software providers and critical infrastructure service companies, highlighting a broader trend in which ransomware actors increasingly target outdated or unpatched RMM software.
CISA is urging all SimpleHelp users—and vendors that integrate SimpleHelp into their products—to immediately apply the latest security updates. In addition, organizations should isolate SimpleHelp servers from internet exposure, implement robust data backup strategies, disable external Remote Desktop Protocol (RDP) access, and maintain a Software Bill of Materials (SBOM) to improve long-term supply chain security. CISA also strongly emphasizes that ransom payments should not be made, as doing so does not guarantee data recovery and may encourage further attacks.
Source: https://www.darkreading.com/cyberattacks-data-breaches/cisa-ransomware-attacks-simplehelp-rmm