DragonForce Breaches MSPs via SimpleHelp Flaws: Inside CVE-2024-57726
Episode 99

Daily Security Review

May 28, 2025 | 16m 47s

Show Notes

In this episode, we unpack a critical supply chain breach that’s rattled the cybersecurity world: the exploitation of multiple zero-day vulnerabilities in SimpleHelp Remote Support Software — most notably CVE-2024-57726, a privilege escalation flaw scored 9.9 by the NVD.

Threat actors linked to the DragonForce ransomware operation and the Scattered Spider group are actively leveraging these vulnerabilities to infiltrate Managed Service Providers (MSPs), hijack their remote management infrastructure, and deploy ransomware to downstream clients. We break down how these bugs were chained to gain admin-level control, upload malicious files, steal data, and deliver double-extortion payloads.

You'll hear how attackers turned SimpleHelp’s legitimate access capabilities into a mass distribution weapon — transforming a trusted MSP tool into a delivery vehicle for destruction. We also explore the role of Scattered Spider as an access broker and social engineering powerhouse, using SIM swapping, MFA fatigue, and cloud exploitation to support this campaign.

We analyze real-world impact, including UK retail disruptions, and examine how delayed patching, inadequate segmentation, and poor monitoring allowed this breach to cascade across environments. Finally, we’ll share urgent mitigation steps for MSPs and enterprises using RMM software — before they become the next victim.

🔒 Whether you’re in IT security, part of an MSP, or manage remote support software, this is one episode you can't afford to miss.

Topics

CVE-2024-57726, SimpleHelp vulnerability, DragonForce ransomware, Scattered Spider, MSP cyberattack, remote management software exploit, RMM security breach, supply chain attack, privilege escalation, double extortion, ransomware-as-a-service, CVE-2024-57727, CVE-2024-57728, data exfiltration, API key abuse, path traversal vulnerability, arbitrary file upload, cybersecurity podcast, threat actor analysis, cloud exploitation, SIM swapping, MFA fatigue, social engineering, UK retail breach, cyber incident response, patch management, remote support software security