"an API vulnerability"
So, ConnectWise is basically connected to all big companies' IT systems ? It did not discover a "vulnerability", it discovered an undocumented NSA backdoor, and now there's an NSA agent that is seriously pissed off.
ConnectWise isn’t a vendor most Reg readers deal with directly, but the fact the company has just issued its first-ever security advisory deserves attention. That’s because ConnectWise specialises in software that IT services providers use to manage your IT. The 38-year-old company is the dominant force in that market, meaning …
When my company first got connected to the Internet, beyond just having a mail server, back in the 90's we decided that we needed to get setup right. So we hired a local hacker who setup the firewalls, internal servers, backup systems, and web sites and then went on to start his own company providing similar network security services commercially - they did very well.
We have never had any problems, never lost data, the internal and external screening appears to be 100% reliable. His main lesson was, "Always be prepared to be hacked, never assume that you can't be hacked, and always monitor everything, trust nothing" and then he'd demonstrate how he could hack other organizations. He was not evil or criminal, he just loved fiddling past all the networks out there, once he got in he'd laugh and then move on to the next one.
Sadly he is no longer alive due to a cancer that he had been suffering from since high school, another thing he always downplayed.
Biting the hand that feeds IT © 1998–2021