100 matches found
CVE-2023-47246
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. Recent assessments: cbeek-r7 at November 09, 2023 2:50pm UTC reported: On November 8, 2023, SysAid, an IT...
Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability
The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Lace Tempest, which is known for distributing the Cl0p ransomware, has in the past leveraged zero-day flaws in...
CVE-2023-47246: SysAid Zero-Day Vulnerability Exploited By Lace Tempest
On November 8, 2023, IT service management company SysAid disclosed CVE-2023-47426, a zero-day path traversal vulnerability affecting on-premise SysAid servers. According to Microsoftās threat intelligence team, it has been exploited in the wild by DEV-0950 Lace Tempest in ālimited attacks.ā In a...
Update now! SysAid vulnerability is actively being exploited by ransomware affiliate
Users of SysAid on-premises should take action to deal with a vulnerability. SysAid is a widely used IT service management solution that allows IT teams to manage tasks. Microsoft discovered an ongoing exploitation of a zero-day vulnerability in the SysAid IT support software in limited attacks b...
Medical research data Advarra stolen after SIM swap
Clinical research company Advarra has reportedly been compromised after a SIM swap on one of their executives. SIM swapping, also known as SIM jacking, is the act of illegally taking over a targetās cell phone number. This can be done in a number of ways, but one of the most common methods involv...
Microsoft Warns as Scattered Spider Expands from SIM Swaps to Ransomware
The prolific threat actor known as Scattered Spider has been observed impersonating newly hired employees in targeted firms as a ploy to blend into normal on-hire processes and takeover accounts and breach organizations across the world. Microsoft, which disclosed the activities of the financiall...
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for organizations across multiple industries. Octo Tempest leverages broad social engineering campaigns to compromise organizations across the...
Storm-0324: An access for the RaaS Threat Actor (Sangria Tempest)
Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities By Trellix Ā· October 5, 2023 This blog was written by Gurumoorthi Ramanathan Executive Summary: In early July 2023, the threat actor that Microsoft calls āStorm-0324ā was observed sending a phishing message through Microsoft Teams...
Malware distributor Storm-0324 facilitates ransomware access
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...
New SystemBC Malware Variant Targets Southern African Power Company
An unknown threat actor has been linked to a cyber attack on a power generation company in southern Africa with a new variant of the SystemBC malware called DroxiDat as a precursor to a suspected ransomware attack. "The proxy-capable backdoor was deployed alongside Cobalt Strike Beacons in a sout...
TYAN Tempest CX S5552 å®å Øę¼ę“
The TYAN Tempest CX S5552 is TYAN's server motherboard for the Xeon E-Series. A security vulnerability exists in the TYAN Tempest CX S5552 version 3.00, which originates from the presence of an externally accessible file or directory in the web interface, which could allow an unauthenticated,...
Actors, Threats and Vulnerabilities 5 June to 11 June 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of seven attacks executed, taking advantage of five different vulnerabilities in...
Clop Ransomware Gang Likely Aware of MOVEit Transfer Vulnerability Since 2021
The U.S. Cybersecurity and Infrastructure Security Agency CISA and Federal Bureau of Investigation FBI have published a joint advisory regarding the active exploitation of a recently disclosed critical flaw in Progress Software's MOVEit Transfer application to drop ransomware. "The Cl0p Ransomwar...
Cl0p ransomware gang claims first victims of the MOVEit vulnerability
On Friday June 2, 2023 we reported about a MOVEit Transfer vulnerability that was actively being exploited. If your organization uses MOVEit Transfer and you havent patched yet, it really is time to move it. Excuse the bad pun, but yesterday we saw the first victims of this vulnerability come...
Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App
Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft...
Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App
Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft...
Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks
The notorious cybercrime group known as FIN7 has been observed deploying Cl0p aka Clop ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...
Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks
The notorious cybercrime group known as FIN7 has been observed deploying Cl0p aka Clop ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...
MAL-2023-122 Malicious code in beautiful-tempest-malory-anderson-family-12-by-johanna-lindsey-on-iphone-new-format- (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7faa105f44cbe37ad6640900de81ba2fd9b8d8a89555a095bee8fc30a934e3a2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-273 Malicious code in dow-load-beautiful-tempest-malory-anderson-family-12-by-johanna-lindsey-on-iphone-new-form (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4161121513299effb824bf412303706acdc626a584e6417c3e759d977ba5b2c3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...