Featured Story
Zero-Day Alert: Lace Tempest Exploits SysAid IT Support Software Vulnerability
The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. Known for distributing Cl0p ransomware, Lace Tempest previously exploited MOVEit Transfer and PaperCut servers.
The issue, tracked as CVE-2023-47246, is a path traversal vulnerability that enables code execution in on-premises SysAid installations. It has been patched in version 23.3.36 of the software.
After initial exploitation, attackers deployed a malware loader that installs Gracewire. Organizations are urged to patch immediately and scan systems for indicators of compromise.
Organizations using SysAid are strongly advised to patch without delay. This vulnerability is actively exploited and can lead to full compromise and ransomware deployment. Contact our SOC team for help securing and investigating affected environments.
Other Stories
Apache ActiveMQ CVE-2023-46604 Actively Exploited — Patch Immediately!
CVE-2023-46604 is a critical remote code execution (RCE) vulnerability affecting Apache ActiveMQ. It has a CVSS score of 10.0, and active exploitation by ransomware groups is ongoing. The vulnerability affects versions prior to 5.18.3, 5.17.6, 5.16.7, and 5.15.16.
Public proof-of-concept exploits are available. Patch immediately and scan for signs of compromise.
This vulnerability has been actively exploited for over a month. If your organization uses ActiveMQ, apply the patch now. Contact our SOC to assist with incident review and mitigation.
Warning: Multiple Vulnerabilities in Veeam ONE — Patch Immediately!
Vulnerabilities CVE-2023-38547, CVE-2023-38548, and CVE-2023-41723 allow attackers to steal SQL credentials and NTLM hashes from Veeam ONE systems. The flaws affect versions 11, 11a, and 12.
Fixes are available in:
– 11 (11.0.0.1379)
– 11a (11.0.1.1880)
– 12 P20230314 (12.0.1.2591)
Threat actors such as FIN7 and BlackCat have previously exploited Veeam software for malware delivery.
We recommend all organizations using affected versions of Veeam ONE apply vendor hotfixes as soon as possible to avoid unauthorized access.
CVSS 4.0 Offers Significantly More Patching Context
FIRST has published CVSS 4.0, an updated vulnerability scoring system designed to improve risk-based vulnerability management. CVSS 4.0 introduces more detailed context metrics, enabling organizations to better prioritize patching based on business relevance.
As vulnerabilities multiply, CVSS 4.0 helps security teams evaluate risks more precisely. If your organization needs help adopting this approach, contact our SOC.
Beware: Fake Vacancies in Circulation
Fraudulent job offers are circulating online, offering high salaries and simple entry requirements. These are social engineering scams targeting unsuspecting individuals. If it seems too good to be true, it probably is.
Suspicious messages can be forwarded to:
– verdacht@safeonweb.be
– suspect@safeonweb.be
– suspicious@safeonweb.be
Our SOC is also available to assist with any doubts or suspicious content.