All articles tagged with #sysaid

cybersecurity, 2 years ago

SysAid Zero-Day Exploits: A Growing Threat in Ransomware Attacks

The threat actor Lace Tempest has been exploiting a zero-day vulnerability in the SysAid IT support software to distribute the Cl0p ransomware. The vulnerability, tracked as CVE-2023-47246, allows for code execution within on-premises installations and has been patched by SysAid. After exploiting the flaw, Lace Tempest deploys a malware loader for the Gracewire malware, followed by human-operated activities such as lateral movement, data theft, and ransomware deployment. The attack involves uploading a web shell and other payloads into the SysAid Tomcat web service, as well as the use of the MeshCentral Agent and PowerShell to download and run Cobalt Strike. Organizations using SysAid are advised to apply the patches promptly and scan for signs of exploitation. The FBI has also warned about ransomware attackers targeting third-party vendors and legitimate system tools to compromise businesses.

cybersecurity, 2 years ago

Hacker Group Exploits Zero-Day Bug to Target ITSM Platform

A critical zero-day vulnerability (CVE-2023-47246) in the SysAid IT support and management software solution is being exploited by the ransomware affiliate Lace Tempest, known for deploying Cl0p ransomware. This is not the first time Lace Tempest has exploited zero-day vulnerabilities, having previously targeted Progress Software's MOVEit Transfer installations, Accellion file transfer appliance, and Fortra's GoAnywhere file transfer solution. The vulnerability allows unauthorized access to affected systems and execution of arbitrary code. SysAid has released a patch (v23.3.36) and advised customers to update their systems and check for evidence of compromise.

cybersecurity, 2 years ago

SysAid Zero-Day Flaw Exploited in Ransomware Attacks: Microsoft and SysAid Issue Urgent Patch Warning

Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware. The vulnerability, identified as CVE-2023-47246, was discovered by Microsoft and used by a threat actor known as Lace Tempest. SysAid has released a patch for the vulnerability and provided indicators of compromise to help detect or prevent the intrusion. SysAid users are strongly recommended to update to version 23.3.36 or later and conduct thorough server checks for signs of compromise.