SysAid Zero-Day Exploited To Access Corporate Servers, Warns Microsoft

A zero-day vulnerability in SysAid's service management software is being exploited by threat actors, identified as Lace Tempest (a.k.a. Fin11 and TA505), to infiltrate corporate servers. This vulnerability, designated as CVE-2023-47246, was discovered on November 2, leading to a breach of on-premise SysAid servers. The hackers used this exploit to deploy the notorious Clop ransomware. Microsoft Threat Intelligence detected and reported the security issue, linking it to the ongoing tactics of Lace Tempest. Read more...