Security News

Critical ManageEngine Desktop Server Bug Opens Orgs to Malware
2022-01-18 15:44

A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central MSP platforms could allow authentication bypass, the company has warned. Zoho's ManageEngine Desktop Central is a unified endpoint management solution that lets IT admins manage servers, laptops, desktops, smartphones and tablets from a central location.

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central
2022-01-18 02:03

Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as CVE-2021-44757, the shortcoming concerns an instance of authentication bypass that "May allow an attacker to read unauthorized data or write an arbitrary zip file on the server," the company noted in an advisory.

FBI: Another Zoho ManageEngine Zero-Day Under Active Attack
2021-12-21 14:42

Another Zoho ManageEngine zero-day vulnerability is under active attack from an APT group, this time looking to override legitimate functions of servers running ManageEngine Desktop Central and elevate privileges - with an ultimate goal of dropping malware onto organizations' networks, the FBI has warned. There is also evidence to support that it's being used in an attack chain with two other Zoho bugs that researchers have observed under attack since September, according to the alert.

Attackers exploit another zero-day in ManageEngine software (CVE-2021-44515)
2021-12-07 10:56

A vulnerability in ManageEngine Desktop Central is being leveraged in attacks in the wild to gain access to server running the vulnerable software. The issue is considered critical by the company and affects ManageEngine Desktop Central - a unified endpoint management solution - and ManageEngine Desktop Central MSP - endpoint management software for MSPs. If installations of the latter are compromised, attackers could use the access to compromise endpoints and networks of MSPs's client organizations.

Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks
2021-12-03 21:09

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, assigned the identifier CVE-2021-44515, is an authentication bypass vulnerability that could permit an adversary to circumvent authentication protections and execute arbitrary code in the Desktop Central MSP server.

Zoho: Patch new ManageEngine bug exploited in attacks ASAP
2021-12-03 15:07

Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installation to the latest available version. Zoho's ManageEngine Desktop Central is a management platform that helps admins deploy patches and software automatically over the network and troubleshoot them remotely.

Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
2021-12-03 10:34

An APT group is leveraging a critical vulnerability in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including defense and tech. CVE-2021-44077 is an authentication bypass vulnerability that affects ManageEngine ServiceDesk Plus installations using versions 11305 and earlier.

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability
2021-12-03 05:34

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities.Tracked as CVE-2021-44077, the issue relates to an unauthenticated, remote code execution vulnerability affecting ServiceDesk Plus versions up to, and including, 11305 that if left unfixed "Allows an attacker to upload executable files and place web shells that enable post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files," CISA said.

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit
2021-11-08 19:15

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of the flaw to gain initial access to targeted organizations, before moving laterally through the network to carry out post-exploitation activities by deploying malicious tools designed to harvest credentials and exfiltrate sensitive information via a backdoor.

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit
2021-11-08 19:15

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of the flaw to gain initial access to targeted organizations, before moving laterally through the network to carry out post-exploitation activities by deploying malicious tools designed to harvest credentials and exfiltrate sensitive information via a backdoor.