A software company has been forced to remind customers to patch a two-year-old flaw in a third-party plug-in, after reports it is being exploited to infect scores of companies with GandCrab ransomware via their managed security provider (MSP). The issue relates to CVE-2017-18362, a flaw which affects the Connectwise Manage plug-in for the Kaseya VSA remote-monitoring tool.
Read full news article on Infosecurity