Threat Post

Zoho ManageEngine Password Manager Zero-Day Gets a Fix, Amid Attacks

An authentication bypass vulnerability in the ManageEngine ADSelfService Plus platform leading to remote code execution offers up the keys to the corporate kingdom. A critical security vulnerability ...
Ars Technica

A world of hurt for Fortinet and ManageEngine after users fail to install patches

Organizations around the world are once again learning the risks of not installing security updates as multiple threat actors race to exploit two recently patched vulnerabilities that allow them to ...
Dark Reading

Critical ManageEngine ADAudit Plus Vulnerability Allows Network Takeover, Mass Data ...

A critical vulnerability in Zoho’s widely used compliance tool, ManageEngine ADAudit Plus, which monitors changes to Microsoft Active Directory, leaves endpoints vulnerable to unauthenticated users. A ...
ZDNet

CISA warns of APT actors exploiting newly identified vulnerability in ManageEngine ...

CISA is urging users of Zoho's ManageEngine ADSelfService Plus to update their tools, noting that APT actors are actively exploiting a recently discovered vulnerability. Zoho ManageEngine ...
Bleeping Computer

Zoho urges admins to patch severe ManageEngine bug immediately

Business software provider Zoho has urged customers to patch a high-severity security flaw affecting multiple ManageEngine products. The bug, tracked as CVE-2022-47523, is an SQL injection ...
CSOonline

Zoho ManageEngine flaw is actively exploited, CISA warns

Threat actors are exploiting unpatched ManageEngine instances. CISA adds the vulnerability to its catalog and Zoho urges customers to check their deployments. A remote code execution vulnerability in ...
Homeland Security Today

USCG, FBI, CISA Alert on Vulnerability in ManageEngine ADSelfService Plus

This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure ...
Tech.co

Zoho ManageEngine Vulnerability Draws Attention of CISA

The US Cybersecurity and Infrastructure Security Agency (CISA) is keeping an eye on Zoho, with the agency warning users of a vulnerability in the company’s ManageEngine platform. Zoho is an ...
Threat Post

Zoho’s ManageEngine Password Manager Flaw Torched by Godzilla Webshell

Researchers have spotted a second, worldwide campaign exploiting the ManagedEngine SelfServiceAD Plus zero-day: one that’s breached defense, energy and healthcare organizations. A new campaign is ...
CSOonline

Critical flaw in ManageEngine Desktop Central MSP tool exploited in the wild

Each of two flaws allow attackers to bypass authentication, leaving customers of MSPs that use ManageEngine at risk. Patches are available. Hackers are exploiting a critical authentication bypass ...
Business Wire

ManageEngine Fortifies Endpoint Security with Debut of Application Control Plus

Eliminates untrusted applications by building whitelists and blacklists Prevents privilege elevation attacks with endpoint privilege management Download a 30-day, free trial at https://mnge.it/ACP ...