#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

Manage Engine | Breaking Cybersecurity News | The Hacker News

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Experts Sound Alarm Over Growing Attacks Exploiting Zoho ManageEngine Products

Feb 23, 2023
Multiple threat actors have been observed opportunistically weaponizing a now-patched critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as  CVE-2022-47966  (CVSS score: 9.8), the  remote code execution flaw  allows a complete takeover of the susceptible systems by unauthenticated attackers. As many as  24 different products , including Access Manager Plus, ADManager Plus, ADSelfService Plus, Password Manager Pro, Remote Access Plus, and Remote Monitoring and Management (RMM), are affected by the issue. The shortcoming "allows unauthenticated remote code execution due to usage of an outdated third-party dependency for XML signature validation, Apache Santuario," Bitdefender's Martin Zugec  said  in a technical advisory shared with The Hacker News. According to the Romanian cybersecurity firm, the exploitation efforts are said to have commenced the day after penetration testing firm Horizon3.ai released a proo
Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

Zoho Releases Patch for Critical Flaw Affecting ManageEngine Desktop Central

Jan 18, 2022
Enterprise software maker Zoho on Monday issued patches for a critical security vulnerability in Desktop Central and Desktop Central MSP that a remote adversary could exploit to perform unauthorized actions in affected servers. Tracked as  CVE-2021-44757 , the shortcoming concerns an instance of authentication bypass that "may allow an attacker to read unauthorized data or write an arbitrary zip file on the server," the company  noted  in an advisory. Osword from SGLAB of Legendsec at Qi'anxin Group has been credited with discovering and reporting the vulnerability. The Indian firm said it remediated the issue in build version 10.1.2137.9. With the latest fix, Zoho has addressed a total of four vulnerabilities over the past five months — CVE-2021-40539  (CVSS score: 9.8) – Authentication bypass vulnerability affecting Zoho ManageEngine ADSelfService Plus CVE-2021-44077  (CVSS score: 9.8) – Unauthenticated remote code execution vulnerability affecting Zoho ManageEn
Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

Webinar: Learn How to Stop Hackers from Exploiting Hidden Identity Weaknesses

Apr 10, 2024Webinar / Identity Security
We all know passwords and firewalls are important, but what about the invisible threats lurking beneath the surface of your systems? Identity Threat Exposures (ITEs) are like secret tunnels for hackers – they make your security way more vulnerable than you think. Think of it like this: misconfigurations, forgotten accounts, and old settings are like cracks in your digital fortress walls. Hackers exploit these weaknesses to steal login information, gain sneaky access, and move around your systems unnoticed, whether they're in the cloud or on-site. This upcoming webinar,  " Today's Top 4 Identity Security Threat Exposures: Are You Vulnerable? "  isn't just for tech experts—it's about protecting your business.  We'll use real-world examples and insights from Silverfort's latest report to show you the hidden dangers of ITEs. You'll learn about: The Top 4 Identity Threats You Might Be Overlooking:  We'll name them and explain why they're
Cybersecurity Resources