[HackerNews] CISA Warns of Actively Exploited Zoho ManageEngine ADSelfService Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a bulletin warning of a zero-day flaw affecting Zoho ManageEngine ADSelfService Plus deployments that is currently being actively exploited in the wild.
The flaw, tracked as CVE-2021-40539, concerns a REST API authentication bypass that could lead to arbitrary remote code execution (RCE). ADSelfService Plus

Source: Read More (The Hacker News)

You might be interested in …

[HackerNews] New Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures

All posts, HackerNews

As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks.  Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws in tools such as Nagios […]

Read More

[TheRecord] Data breach at Texas behavioral health center affects more than 24,000

A data breach at Texas behavioral health provider Texoma Community Center affected more than 24,000 people and highlights how timelines for breach notification may lag behind security events—even when the most sensitive information is compromised.  Texoma is a nonprofit that specializes in delivering mental health and substance abuse services. The public notice posted on its […]

Read More

[ZDNet] Operation Ironside has confiscated AU$31 million of assets so far

All posts, ZDNet

Of AU$31 million of assets seized by the AFP-led Criminal Assets Confiscation Taskforce so far, AU$6 million came from one Western Australian man. Source: Read More (Latest topics for ZDNet in Security)

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.