Security News

Warning: Yet Another Zoho ManageEngine Product Found Under Active Attacks
2021-12-03 21:09

Enterprise software provider Zoho on Friday warned that a newly patched critical flaw in its Desktop Central and Desktop Central MSP is being actively exploited by malicious actors, marking the third security vulnerability in its products to be abused in the wild in a span of four months. The issue, assigned the identifier CVE-2021-44515, is an authentication bypass vulnerability that could permit an adversary to circumvent authentication protections and execute arbitrary code in the Desktop Central MSP server.

Zoho: Patch new ManageEngine bug exploited in attacks ASAP
2021-12-03 15:07

Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installations to the latest available version. Zoho's ManageEngine Desktop Central is a management platform that helps admins deploy patches and software automatically over the network and troubleshoot them remotely.

Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
2021-12-03 10:34

An APT group is leveraging a critical vulnerability in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including defense and tech. CVE-2021-44077 is an authentication bypass vulnerability that affects ManageEngine ServiceDesk Plus installations using versions 11305 and earlier.

CISA Warns of Actively Exploited Critical Zoho ManageEngine ServiceDesk Vulnerability
2021-12-03 05:34

The U.S. Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency are warning of active exploitation of a newly patched flaw in Zoho's ManageEngine ServiceDesk Plus product to deploy web shells and carry out an array of malicious activities. Tracked as CVE-2021-44077, the issue relates to an unauthenticated, remote code execution vulnerability affecting ServiceDesk Plus versions up to, and including, 11305 that, if left unfixed, "allows an attacker to upload executable files and place web shells that enable post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files," CISA said.

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit
2021-11-08 19:15

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho's ManageEngine ADSelfService Plus self-service password management and single sign-on solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of the flaw to gain initial access to targeted organizations, before moving laterally through the network to carry out post-exploitation activities by deploying malicious tools designed to harvest credentials and exfiltrate sensitive information via a backdoor.

You'll never guess who's been exploiting the ManageEngine service to steal passwords
2021-11-08 16:15

The vulnerability exploited by the attackers was originally reported by the Cybersecurity and Infrastructure Security Agency, which issued an alert on 16 September. An unrelated group of cyber actors had exploited the vulnerability in the same password management service, Zoho Group's ManageEngine ADSelfService Plus, as early as August 2021.

Zoho ManageEngine Password Manager Zero-Day Gets a Fix, Amid Attacks
2021-09-09 12:58

A critical security vulnerability in the Zoho ManageEngine ADSelfService Plus platform could allow remote attackers to bypass authentication and have free rein across users' Active Directory and cloud accounts. The Zoho ManageEngine ADSelfService Plus is a self-service password management and single sign-on solution for AD and cloud apps, meaning that any cyberattacker able to take control of the platform would have multiple pivot points into both mission-critical apps and other parts of the corporate network via AD. It is, in other words, a powerful, highly privileged application which can act as a convenient point-of-entry to areas deep inside an enterprise's footprint for both users and attackers alike.

CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability
2021-09-08 22:45

The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is being actively exploited in the wild. ManageEngine ADSelfService Plus is an integrated self-service password management and single sign-on solution for Active Directory and cloud apps, enabling admins to enforce two-factor authentication for application logins and users to reset their passwords.

ManageEngine ADSelfService Plus offers MFA for OWA and EAC to increase mailbox security
2021-08-05 01:30

ManageEngine announced that ADSelfService Plus, its integrated Active Directory self-service password management and single sign-on solution, now offers multi-factor authentication for Outlook on the Web and Exchange admin center logins to add an extra layer of security to Exchange environments. "Going beyond passwords has become necessary for organizations of any size given today's cyberattack landscape. Users rarely take their passwords seriously and, as a result, even simple brute-force attacks are highly successful," said Parthiban Paramasivam, director of product management, ADSelfService Plus.