37 matches found
EUVD-2023-29951
Malicious code in bioql PyPI...
EUVD-2023-29952
Malicious code in bioql PyPI...
CVE-2023-26078
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs...
CVE-2023-26077
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions...
Ukrainian Institutions Targeted Using HATVIBE and CHERRYSPY Malware
The Computer Emergency Response Team of Ukraine (CERT-UA) has alerted of a spear-phishing campaign that targeted a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which...
Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks
The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management (RMM) software for maintaining persistent access. That's...
Iran-Linked MuddyWater Deploys Atera for Surveillance in Phishing Attacks
The Iran-affiliated threat actor tracked as MuddyWater (aka Mango Sandstorm or TA450) has been linked to a new phishing campaign in March 2024 that aims to deliver a legitimate Remote Monitoring and Management (RMM) solution called Atera. The activity, which took place from March 7 through the week o...
BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks
The threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident "began with the exploitatio...
Why ransomware gangs love using RMM tools—and how to stop them
One of the most alarming trends our ThreatDown Intelligence team has noticed lately is the increased exploitation of legitimate Remote Monitoring and Management (RMM) tools by ransomware gangs in their attacks. RMM software, such as AnyDesk, Atera, and Splashtop, are essential for IT administrators...
Remote Monitoring & Management software used in phishing attacks
Remote Monitoring & Management (RMM) software, including popular tools like AnyDesk, Atera, and Splashtop, are invaluable for IT administrators today, streamlining tasks and ensuring network integrity from afar. However, these same tools have caught the eye of cybercriminals, who exploit them to...
Atera Agent Package Availability Security Vulnerability
Atera Agent Package Availability for Windows is an Atera agent package for Windows from Atera. A security vulnerability exists in Atera Agent Package Availability 0.14.0.0 and prior versions, which originates when Agent.Package.Availability.exe has SYSTEM privileges and is susceptible to DLL...
Atera Agent Installed (Windows)
Binary data ateraagentwininstalled.nbin...
Atera Addressed Two Zero-Day Vulnerabilities Exploiting MSI Files
Windows Installers for the Atera remote monitoring and management software contain two zero-day vulnerabilities that could serve as a starting point for launching privilege escalation attacks. To...
Privilege escalation
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs...
Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks
Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078,...