Threat Feed

Tag

Remote-Access

5 briefs

high advisory

Vulnerabilities Disclosed in IP KVM Devices from Multiple Vendors

Researchers have disclosed unspecified vulnerabilities in IP KVM devices from four manufacturers, potentially allowing attackers to gain unauthorized access to connected systems.

ip-kvm vulnerability remote-access
2r 2t

medium advisory

First Time Seen Remote Monitoring and Management Tool Execution

Detects the execution of previously unseen remote monitoring and management (RMM) tools or remote access software on compromised Windows endpoints, often leveraged for command-and-control, persistence, and execution of malicious commands.

Elastic Defend +101 remote-access rmm command-and-control persistence
3r

medium advisory

Suspicious DNS Queries to RMM Domains from Non-Browser Processes

Detection of DNS queries to remote monitoring and management (RMM) domains from non-browser processes, indicating potential misuse of legitimate remote access tools for command and control.

Elastic Endpoint +1 command-and-control remote-access windows
2r

medium advisory

Remote Management Access Launch After MSI Install

Detects an MSI installer execution followed by the execution of commonly abused Remote Management Software like ScreenConnect, potentially indicating abuse where an attacker triggers an MSI install then connects via a guest link with a known session key.

Microsoft Defender XDR command and control rmm msi windows remote access
2r

medium advisory

Remote File Copy via TeamViewer

Attackers may abuse legitimate utilities such as TeamViewer to deploy malware interactively by remotely copying executable or script files during a TeamViewer session.

Elastic Defend +2 command-and-control remote-access teamviewer
2r 2t