Lucene search
K

100 matches found

ATTACKERKB
ATTACKERKB
•added 2023/11/10 12:0 a.m.•54 views

CVE-2023-47246

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. Recent assessments: cbeek-r7 at November 09, 2023 2:50pm UTC reported: On November 8, 2023, SysAid, an IT...

9.8CVSS9.5AI score0.98851EPSS
In wildExploits3References5
The Hacker News
The Hacker News
•added 2023/11/09 4:54 p.m.•71 views

Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability

The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in...

8AI score0.98851EPSS
Exploits3
Rapid7 Blog
Rapid7 Blog
•added 2023/11/09 2:12 p.m.•190 views

CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest

On November 8, 2023, IT service management company SysAid disclosed CVE-2023-47426, a zero-day path traversal vulnerability affecting on-premise SysAid servers. According to Microsoft’s threat intelligence team, it has been exploited in the wild by DEV-0950 Lace Tempest in ā€œlimited attacks.ā€ In a...

7.5CVSS9.4AI score0.99934EPSS
Exploits18
Malwarebytes
Malwarebytes
•added 2023/11/09 1:43 p.m.•40 views

Update now! SysAid vulnerability is actively being exploited by ransomware affiliate

Users of SysAid on-premises should take action to deal with a vulnerability. SysAid is a widely used IT service management solution that allows IT teams to manage tasks. Microsoft discovered an ongoing exploitation of a zero-day vulnerability in the SysAid IT support software in limited attacks b...

7.5CVSS7.9AI score0.98851EPSS
Exploits3
Malwarebytes
Malwarebytes
•added 2023/11/06 11:27 a.m.•29 views

Medical research data Advarra stolen after SIM swap

Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives. SIM swapping, also known as SIM jacking, is the act of illegally taking over a target’s cell phone number. This can be done in a number of ways, but one of the most common methods involv...

7AI score
Exploits0
The Hacker News
The Hacker News
•added 2023/10/26 1:56 p.m.•35 views

Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware

The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financiall...

7.7AI score
Exploits0
Microsoft Secure
Microsoft Secure
•added 2023/10/25 4:30 p.m.•43 views

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...

8.7AI score
Exploits0
Trellix
Trellix
•added 2023/10/05 12:0 a.m.•37 views

Storm-0324: An access for the RaaS Threat Actor (Sangria Tempest)

Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities By Trellix Ā· October 5, 2023 This blog was written by Gurumoorthi Ramanathan Executive Summary: In early July 2023, the threat actor that Microsoft calls ā€œStorm-0324ā€ was observed sending a phishing message through Microsoft Teams...

7.3CVSS8.1AI score0.12107EPSS
Exploits0
Microsoft Secure
Microsoft Secure
•added 2023/09/12 5:0 p.m.•95 views

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...

4.1CVSS7.3AI score0.12107EPSS
Exploits0
The Hacker News
The Hacker News
•added 2023/08/11 9:40 a.m.•46 views

New SystemBC Malware Variant Targets Southern African Power Company

An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a sout...

7.1AI score
Exploits0
CNNVD
CNNVD
•added 2023/07/05 12:0 a.m.•7 views

TYAN Tempest CX S5552 å®‰å…Øę¼ę“ž

The TYAN Tempest CX S5552 is TYAN's server motherboard for the Xeon E-Series. A security vulnerability exists in the TYAN Tempest CX S5552 version 3.00, which originates from the presence of an externally accessible file or directory in the web interface, which could allow an unauthenticated,...

5.8CVSS5.2AI score0.00243EPSS
Exploits0References2
hivepro
hivepro
•added 2023/06/13 6:58 a.m.•53 views

Actors, Threats and Vulnerabilities 5 June to 11 June 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of seven attacks executed, taking advantage of five different vulnerabilities in...

9.3CVSS6.9AI score0.99934EPSS
Exploits77
The Hacker News
The Hacker News
•added 2023/06/08 1:56 p.m.•8 views

Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021

The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...

9.8CVSS8.8AI score0.99934EPSS
Exploits15
Malwarebytes
Malwarebytes
•added 2023/06/06 1:0 a.m.•370 views

Cl0p ransomware gang claims first victims of the MOVEit vulnerability

On Friday June 2, 2023 we reported about a MOVEit Transfer vulnerability that was actively being exploited. If your organization uses MOVEit Transfer and you havent patched yet, it really is time to move it. Excuse the bad pun, but yesterday we saw the first victims of this vulnerability come...

7.5CVSS8.2AI score0.99934EPSS
Exploits15
The Hacker News
The Hacker News
•added 2023/06/05 12:3 p.m.•6 views

Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft...

9.8CVSS8.3AI score0.99934EPSS
Exploits15
The Hacker News
The Hacker News
•added 2023/06/05 12:3 p.m.•83 views

Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft...

8.2AI score0.99934EPSS
Exploits15
The Hacker News
The Hacker News
•added 2023/05/20 6:49 a.m.•2 views

Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p aka Clop ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...

7.5CVSS6.7AI score0.7761EPSS
Exploits4
The Hacker News
The Hacker News
•added 2023/05/20 6:49 a.m.•90 views

Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p aka Clop ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...

7.5CVSS6.8AI score0.7761EPSS
Exploits4
OSV
OSV
•added 2023/05/10 1:24 p.m.•11 views

MAL-2023-122 Malicious code in beautiful-tempest-malory-anderson-family-12-by-johanna-lindsey-on-iphone-new-format- (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7faa105f44cbe37ad6640900de81ba2fd9b8d8a89555a095bee8fc30a934e3a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
•added 2023/05/10 1:24 p.m.•9 views

MAL-2023-273 Malicious code in dow-load-beautiful-tempest-malory-anderson-family-12-by-johanna-lindsey-on-iphone-new-form (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4161121513299effb824bf412303706acdc626a584e6417c3e759d977ba5b2c3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder