Security News
In this product showcase, we bring to you Vulnerability Manager Plus from ManageEngine. Vulnerability Manager Plus is an enterprise security program that can be used as a stand-alone tool as well as a security add-on for the much larger Unified Endpoint Management solution 'Desktop Central'.
ManageEngine announced that ADSelfService Plus, an integrated Active Directory self-service password management and single sign-on solution, now supports multi-factor authentication for VPNs to protect organizations' internal networks from unauthorized access. "VPN gateways are directly accessible through the internet and are prone to brute force and other types of attacks. Relying on credentials alone to protect VPN access to vital resources could result in immeasurable losses," said Parthiban Paramasivam, director of product management, ADSelfService Plus.
A critical vulnerability in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands with system level privileges on the target Windows host. ManageEngine ADSelfService Plus is developed by ManageEngine, a division of Zoho Corporation, a software development company that focuses on web-based business tools and information technology.
A China-linked threat actor tracked as APT41 has targeted many organizations around the world by exploiting vulnerabilities in Citrix, Cisco and Zoho ManageEngine products, FireEye reported on Wednesday. "It's unclear if APT41 scanned the Internet and attempted exploitation en masse or selected a subset of specific organizations to target, but the victims appear to be more targeted in nature," FireEye said.
A recently disclosed vulnerability affecting Zoho's ManageEngine Desktop Central endpoint management solution is already being exploited in attacks. Researcher Steven Seeley of Source Incite last week decided to disclose a critical Desktop Central vulnerability that can be exploited by a remote, unauthenticated attacker to execute arbitrary code with elevated privileges.
ManageEngine Desktop Central is developed by ManageEngine, a division of Zoho Corporation, a software development company that focuses on web-based business tools and information technology. CVE-2020-10189 allows for deserialization of untrusted data and allows unauthenticated, remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central and achieve SYSTEM/root privileges.
Business tools development company Zoho says it's working on a patch for a zero-day vulnerability affecting its ManageEngine Desktop Central product. "Since Zoho typically ignores researchers, I figured it was OK to share a ManageEngine Desktop Central zero-day exploit with everyone," Seeley wrote on Twitter.
ManageEngine, the IT management division of Zoho Corporation, announced that Applications Manager, its server, cloud, and application performance monitoring solution, now supports Oracle Autonomous Database. Oracle Autonomous Database has gained notable traction since its arrival last year, owing to its agility and support for even the most demanding applications.
ManageEngine, the IT management division of Zoho Corporation, announced the launch of PAM360, a complete privileged access security solution for IT security teams. Available immediately, PAM360...
ManageEngine, the IT management division of Zoho Corporation, announced that Applications Manager, its server, cloud and application performance monitoring solution, now supports performance...