[TheRecord] Zoho warns of new zero-day vulnerability exploited in attacks

Zoho urged customers on Friday to update their ManageEngine servers and apply a software fix that patches a zero-day vulnerability that is currently being exploited in the wild.

Tracked as CVE-2021-44515, the vulnerability impacts Zoho ManageEngine Desktop Central, an endpoint management solution that companies use to manage their workers’ devices.

In a security advisory, the company said it patched a bug that would have allowed attackers to bypass authentication and run malicious code on Desktop Central servers.

“As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible,” the company told customers.

The company did not share any details about the threat actor(s) exploiting this bug, but the advisory comes after state-backed groups have already exploited two other vulnerabilities in the ADSelfService Plus (CVE-2021-40539) and ServiceDesk Plus (CVE-2021-44077) software packages to compromise its customers’ networks.

Attacks against the first began as early as August, according to CrowdStrike, CISA, and Palo Alto Networks, and attacks against the second bug began in November, according to Palo Alto Networks and CISA.

Image: Palo Alto Networks

According to Palo Alto Networks, the targets of these previous attacks included several organizations in the US defense sector. It is believed that the purpose of these attacks is cyber-espionage and data theft.

While it is currently unconfirmed that the same nation-state groups are behind the exploitation of this third vulnerability, companies should exercise caution and update their Zoho servers as soon as possible.

There are currently approximately 3,100 Zoho ManageEngine Desktop Central servers connected to the internet, ripe for exploitation.

While Zoho previously released steps to discover whether a server has been hacked, there are no such instructions or steps at the time of writing, meaning Zoho customers will most likely have to initiate incident response procedures right after they patch and inspect servers for the presence of any suspicious files. They can start by looking for the webshells detailed in the two Palo Alto Networks and CISA alerts first.

The post Zoho warns of new zero-day vulnerability exploited in attacks appeared first on The Record by Recorded Future.
