ID | Votes | Profile Description |
---|---|---|
FlawedGrace | 2 | FlawedGrace is a notorious malware, a remote access trojan (RAT), that has been used extensively in cyberattacks. It was first brought to light in June 2023 when The DFIR Report revealed its use in Truebot operations. In these operations, following the successful download of a malicious file, Truebo |

ID | Type | Votes | Profile Description |
---|---|---|---|
Carbanak | Unspecified | 2 | Carbanak is a sophisticated type of malware, short for malicious software, that is designed to exploit and damage computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt |
Netsupport | Unspecified | 1 | NetSupport is a malicious software (malware) that has been used in various cyberattacks, including the Royal Ransomware attack and assaults by former ITG23 members. It can infiltrate systems through suspicious downloads, emails, or websites and then steal personal information, disrupt operations, or |
Darkgate | Unspecified | 1 | DarkGate is a malicious software (malware) that poses significant threats to computer systems and data. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or even hold your data hos |
Eugenloader | Unspecified | 1 | EugenLoader, also known as FakeBat, is a form of malware that was detected by Microsoft in mid-November 2023. It was distributed by an initial access broker known as Storm-1113 through search advertisements mimicking the Zoom app, with the malware delivered via bogus MSIX installers masquerading as |
Netsupport Rat | Unspecified | 1 | NetSupport RAT is a type of malware that can significantly compromise an organization's digital security. Originally derived from the legitimate NetSupport Manager, a remote technical support tool, this malware infects systems through suspicious downloads, emails, or websites, often unbeknownst to t |
svchost.exe | Unspecified | 1 | Svchost.exe is a malware that exploits and damages computer systems by injecting malicious code into various processes. This harmful program can infiltrate your system through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, di |

ID | Type | Votes | Profile Description |
---|---|---|---|
Sangria Tempest | Unspecified | 2 | Sangria Tempest, also known as FIN7, Carbon Spider, and ELBRUS, is a threat actor that has been active since 2014. This Russian advanced persistent threat (APT) group is known for its malicious activities, including spear-phishing campaigns, malware distribution, and theft of payment card data. In m |
Lace Tempest | Unspecified | 2 | Lace Tempest, a threat actor known for executing actions with malicious intent, has been identified as the orchestrator behind a series of cyber attacks exploiting a zero-day vulnerability in SysAid. The exploit was first brought to light by SysAid and further detailed in a blog post on TuxCare. Thi |
Carbon Spider | Unspecified | 1 | CARBON SPIDER, also known as FIN7 and Sangria Tempest, is a threat actor that has been active in the eCrime space since approximately 2013. This criminally motivated group primarily targets the hospitality and retail sectors with the aim of obtaining payment card data. The group has been linked to s |
FIN7 | Unspecified | 1 | FIN7, a notorious threat actor group known for its malicious activities, has recently been identified as targeting a large U.S. carmaker with phishing attacks. This group, which has previously operated behind fake cybersecurity companies such as Combi Security and Bastion Secure to recruit security |

ID | Type | Votes | Profile Description |
---|---|---|---|
CVE-2023-47246 | Unspecified | 1 | CVE-2023-47246 is a critical zero-day vulnerability discovered in the SysAid IT support and management software solution. The flaw, identified as a path traversal vulnerability, has been exploited by Lace Tempest, a ransomware affiliate known for deploying Cl0p ransomware. This vulnerability allows |

Source | CreatedAt | Title |
---|---|---|
CERT-EU | 7 months ago | Microsoft disables online Windows App Installer after attackers abuse it \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
CERT-EU | 7 months ago | Microsoft Disables App Installer After Feature is Abused for Malware |
CERT-EU | 7 months ago | Financially motivated threat actors misusing App Installer \| Microsoft Security Blog |
BankInfoSecurity | 7 months ago | Microsoft Disables Abused Application Installation Protocol |
CERT-EU | 7 months ago | Microsoft disables app installation protocol abused by hackers \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting |
CERT-EU | 7 months ago | Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks \| #ransomware \| #cybercrime \| National Cyber Security Consulting |
CERT-EU | 9 months ago | Microsoft and SysAid Find Clop Malware Vulnerability |
Yoroi | 9 months ago | SysAid vulnerability actively exploited in the wild - Yoroi |
CERT-EU | 8 months ago | Cyber Security Week In Review: November 17, 2023 |
CERT-EU | 8 months ago | SysAid Zero-Day Vulnerability Exploited by Threat Actors |
CERT-EU | 9 months ago | Clop ransomware gang targets SysAid server bug |
CERT-EU | 9 months ago | SysAid zero-day exploited by Clop ransomware group |
CERT-EU | 9 months ago | CVE-2023-47246: SysAid Flaw Used in Clop Ransomware Attacks |
InfoSecurity-magazine | 9 months ago | MOVEit Gang Targets SysAid Customers With Zero-Day Attacks |
BankInfoSecurity | 9 months ago | MOVEit Hackers Turn to SysAid Zero-Day Bug |
CERT-EU | 9 months ago | MOVEit hackers leverage new zero-day bug to breach organizations (CVE-2023-47246) - Help Net Security |
CERT-EU | 9 months ago | MOVEit cybercriminals behind SysAid zero-day attack |
CERT-EU | 9 months ago | SysAid Zero-Day Vulnerability Exploited By Lace Tempest \| Rapid7 Blog |
Malwarebytes | 9 months ago | Update now! SysAid vulnerability is actively being exploited by ransomware affiliate \| Malwarebytes |