Hackers have been observed taking advantage of an unpatched remote monitoring tool to compromise multiple victims.
The US Cybersecurity and Infrastructure Security Agency (CISA) has released an advisory warning of ransomware actors exploiting a known vulnerability in SimpleHelp Remote Monitoring and Management.
In one instance, a ransomware group was able to use the vulnerability to compromise the customers of a utility billing software provider using an unpatched version of the software.
The vulnerability, CVE-2024-57727, was first published in January 2025 and was patched at the same time.
“SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests,” the CVE record said.
“These files include server configuration files containing various secrets and hashed user passwords.”
Although the vulnerability has been patched, multiple ransomware actors have been able to compromise unpatched instances of SimpleHelp RMM in the first half of 2025.
This is the second time CISA has warned of exploitation of unpatched SimpleHelp RMM instances. In a 4 June advisory updating the known tactics, techniques, and procedures of the Play ransomware gang, CISA said it had observed “multiple ransomware groups, including initial access brokers with ties to Play ransomware operators”, taking advantage of CVE-2024-57727.
You can read the full SimpleHelp advisory here.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.