BleepingComputer reports that network security firm LogicMonitor had a "small number" of its software-as-a-service platform users impacted by cyberattacks, which anonymous sources noted to involve ransomware deployment.
Ransomware was claimed by the sources to have been distributed through on-premise LogicMonitor Collector sensors, with attackers locally executing scripts deployed from the SaaS platform.
Such claims come after LogicMonitor disclosed that it has resolved technical issues affecting a subset of customer accounts in the US-WEST-2, US-EAST-1, and EU-WEST-1 regions following an investigation.
Meanwhile, TechCrunch was informed by another anonymous source that LogicMonitor's weak default passwords for new users were behind the compromise of the accounts.
"LogicMonitor had reached out to us proactively with a possible username/password breach for a few of their customers via a call, which could lead to systems that are being monitored by LogicMonitor to be compromised with a ransomware attack and henceforth this proactive reach out," said LogicMonitor customer.
BleepingComputer reports vulnerable ConnectWise ScreenConnect servers impacted by the CVE-2024-1708 and CVE-2024-1709 flaws were observed by Sophos X-Ops researchers to have been subjected to numerous LockBit ransomware attacks since Feb. 21 .