Zoho: Patch new ManageEngine bug exploited in attacks ASAP
Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installations to the latest available version.
Zoho’s ManageEngine Desktop Central is an endpoint management platform that lets admins deploy patches and software automatically over the network and troubleshoot managed systems remotely.
The warning comes after the company patched a critical vulnerability (tracked as CVE-2021-44515) which could allow attackers to bypass authentication and execute arbitrary code on unpatched ManageEngine Desktop Central servers (Desktop Central Cloud is not affected).
“As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible,” Zoho explained in a notification issued today.
To detect if your installation was compromised using this security flaw, you can use Zoho’s Exploit Detection Tool and go through the procedure detailed here.
If impacted, the company recommends disconnecting affected systems from the network, backing up all critical business data stored on them, formatting the compromised servers, reinstalling Desktop Central, and updating it to the latest build once the installation completes.
If signs of compromise have been found, Zoho also recommends initiating a “password reset for all services, accounts, Active Directory, etc. that has been accessed from the service installed machine” together with Active Directory administrator passwords.
A quick search using Shodan has revealed over 3,200 ManageEngine Desktop Central instances running on various ports and exposed to attacks.
This is not the first time Zoho ManageEngine servers have been targeted in attacks recently. Desktop Central instances, in particular, have been hacked before, with access to the compromised networks sold on hacking forums since at least July 2020.
According to cyber intelligence company KELA, which spotted the threat actors behind these offers, they had sold network access to companies worldwide and claimed to have access to others in the US, UK, Spain, and Brazil.
More recently, between August and October 2021, Zoho ManageEngine products were targeted by state-backed hackers using tactics and tooling similar to those of the Chinese-backed hacking group APT27.
The attackers focused on and compromised the networks of critical infrastructure organizations worldwide in three separate campaigns: one using an ADSelfService zero-day exploit between early August and mid-September, one using an ADSelfService n-day exploit until late October, and one using a ServiceDesk exploit starting October 25.
After these campaigns, the FBI and CISA also issued joint advisories (1, 2) warning of APT actors exploiting the ManageEngine vulnerabilities to drop webshells on the networks of targeted critical infrastructure organizations, including those in the healthcare, financial services, electronics, and IT consulting industries.
Additionally, the two US federal agencies said that confirming a successful compromise in these attacks may be difficult since “the attackers are known to run clean-up scripts designed to remove traces of the initial point of compromise and hide any relationship between exploitation of the vulnerability and the webshell.”
A Zoho spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today about the CVE-2021-44515 vulnerability being exploited in the wild.
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved