Hundreds of servers have had backdoors installed thanks to a vulnerability in ConnectWise’s R1Soft Server Backup Manager software that was found last year. The vendor advised users to patch their installations as quickly as feasible at the time because the vulnerability carried a high probability of being used in the wild.
A major vulnerability that may have allowed an attacker to run arbitrary code or directly access private data was patched in the Recover and R1Soft Server Backup Manager products, ConnectWise informed customers in late October 2022.