Recent Security News
-
Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks
November 9, 2023 at 09:33AM Threat actors are exploiting a zero-day vulnerability in SysAid software to gain unauthorized access to corporate servers for data theft and ransomware deployment. The vulnerability, currently known as CVE-2023-47246, was used by a threat actor group called Lace Tempest to deploy Clop ransomware. SysAid has developed a patch and urges…
-
New Malvertising Campaign Uses Fake Windows News Portal to Distribute Malicious Installers
November 9, 2023 at 09:09AM A malvertising campaign is targeting users searching for CPU-Z by serving malicious ads that redirect them to a fake Windows news portal. The campaign also cloaks itself by showing innocuous content to those not targeted. The rogue website contains a malicious script that deploys RedLine Stealer. Similar deceptive Google Ads…
-
MOVEit cybercriminals unearth fresh zero-day to exploit on-prem SysAid hosts
November 9, 2023 at 07:40AM Cybercriminals associated with the Cl0p ransomware gang, known as Lace Tempest, have exploited a zero-day vulnerability in on-prem versions of IT service and help desk software SysAid. Microsoft’s Threat Intelligence discovered the exploits and reported them to SysAid, who promptly released patches. The attackers used a new path traversal vulnerability…
-
Risk Ledger Raises £6.25 Million for Supply Chain Security Solution
November 9, 2023 at 07:36AM Risk Ledger, a British supply chain risk management firm, has raised £6.25 million in Series A funding, bringing its total funding to £9.8 million. The London-based company provides a collaborative platform for organizations to identify, visualize, and mitigate supply chain security risks in real-time. The funding will be used to…