Vendor Acronis has warned that patching your software doesn’t ensure elimination of exploits and vulnerabilities. Software flaws that remain can still be targeted.
Acronis pointed to an active campaign targeting SimpleHelp servers. In this cyber attack, researchers detected 580 exposed instances.
“The flaws, identified as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, allow attackers to manipulate files and escalate privileges,” Acronis’ threat researchers noted.
“Attackers gain access by exploiting the flaws or using stolen credentials, then executing reconnaissance commands to gather system intelligence.”
However, researchers “cannot confirm with certainty” that the disclosed flaws and related vulnerabilities were responsible for the related breaches.
Nevertheless, organisations that don’t wish to uninstall the software should upgrade to the latest patched versions as well as “swiftly isolating” affected systems.
The SimpleHelp remote monitoring and management (RMM) solution is used by organisations including managed services providers (MSPs).
Backup and continuity in multi-layer strategy
Acronis said recent attacks had targeted organisations including Smiths Group, HPE and Nominet. To protect themselves, organisations should employ multi-layered cybersecurity.
In the event of attack, backup can be crucial to continuity. It’s not enough to simply deploy a cybersecurity solution, however advanced.
Acronis’ 2025 data privacy survey showed that many could do more to protect their data.
“About 35% of respondents do not back up their data regularly, and 4% are unsure of what data backup means,” the vendor said.
“Despite the prevalence of mobile devices, only 43% of users employ mobile security applications, leaving many vulnerable to attacks.”
At the same time, despite “growing understanding” around security threats, nearly 30% of consumers found security tools too complex to manage. Almost half neglect data protection altogether, Acronis said.
There are more findings in the report, available here.
Further exploits and vulnerabilities
Generative AI tools have already fuelled attacks from phishing scams to malware campaigns and fake investment schemes.
“Cybercriminals create fraudulent websites mimicking DeepSeek to steal cryptocurrency wallets, distribute malware and deceive investors with fake pre-IPO offers,” Acronis warned.
In one ‘fake DeepSeek’ compromise, threat actors have been distributing Poseidon Stealer malware to macOS users, phishing for data via applications, links and websites.
In addition, over 18,000 inexperienced hackers or ‘script kiddies’ were recently deceived into infecting their own systems, according to Acronis.
Attackers successfully distributed an XWorm RAT builder trojan, disguised as a malware creation tool. This fake builder spread worldwide via popular platforms including GitHub, Telegram, and YouTube.
“It stole Discord tokens, system data and browser credentials while maintaining persistence,” Acronis said.
“Attackers controlled infected machines through a Telegram-based command and control (C2) server, enabling keylogging, screen capture and file encryption.”
Meanwhile, the US Federal Trade Commission (FTC) has warned of a new scam involving unsolicited gifts including malicious QR codes. After scanning the code, recipients land on websites that steal data or install malware.
Acronis provides a range of backup and cyber-protection offerings, such as Acronis True Image for backing up entire systems, selected files or data, utilising local disks, network storage, centralised deduplicated storage, tape devices and the cloud.