fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Zoho: Patch New ManageEngine Bug Exploited in Attacks ASAP

Zoho: Patch New ManageEngine Bug Exploited in Attacks ASAP

Business software provider Zoho urged customers today to update their Desktop Central and Desktop Central MSP installations to the latest available version.

Zoho’s ManageEngine Desktop Central is a management platform that helps admins deploy patches and software automatically over the network and troubleshoot them remotely

The warning comes after the company patched a critical vulnerability (tracked as CVE-2021-44515) which could allow attackers to bypass authentication and execute arbitrary code on unpatched ManageEngine Desktop Central servers (Desktop Central Cloud is not affected).

“As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible,” Zoho explained in a notification issued today.

To detect if your installation was compromised using this security flaw, you can use Zoho’s Exploit Detection Tool and go through the procedure detailed here.

Also Read: Top 10 Best Freelance Testing Websites That Will Pay You

RCE-compromised ManageEngine instance
RCE-compromised ManageEngine instance (Zoho)

If impacted, the company recommends disconnecting and backing up all critical business data on affected systems from the network, formatting the compromised servers, restoring Desktop Central, and updating it to the latest build once the installation ends.

If signs of compromise have been found, Zoho also recommends initiating a “password reset for all services, accounts, Active Directory, etc. that has been accessed from the service installed machine” together with Active Directory administrator passwords.

A quick search using Shodan has revealed over 3,200 ManageEngine Desktop Central instances running on various ports and exposed to attacks.

Internet exposed Desktop Central servers
Internet exposed Desktop Central servers (BleepingComputer)

Ongoing Zoho ManageEngine targeting

This is not the first time Zoho ManageEngine servers have been targeted in attacks recently. Desktop Central instances, in particular, have been hacked before and access to compromised networks sold on hacking forums since at least July 2020.

Also Read: PDP Act (Personal Data Protection Act) Laws and Regulation

According to cyber intelligence company KELA who spotted the threat actors behind these offers, they had sold network access to companies worldwide and claimed to have access to others from the US, UK, Spain, and Brazil.

More recently, between August and October 2021, Zoho ManageEngine products have been targeted by state hackers using tactics and tooling similar to those used by Chinese-backed hacking group APT27.

The attackers focused on and compromised the networks of critical infrastructure organizations worldwide in three different campaigns using an ADSelfService zero-day exploit between early-August and mid-September, an n-day AdSelfService exploit until late October, and a ServiceDesk one starting with October 25.

Zoho ManageEngine exploitation
Zoho ManageEngine exploitation (Unit 42)

After these campaigns, the FBI and CISA also issued joint advisories (12) warning of APT actors exploiting the ManageEngine vulnerabilities to drop webshells on the networks of targeted critical infrastructure orgs, including the healthcare, financial services, electronics, and IT consulting industries.

Additionally, the two US federal agencies said that confirming a successful compromise in these attacks may be difficult since “the attackers are known to run clean-up scripts designed to remove traces of the initial point of compromise and hide any relationship between exploitation of the vulnerability and the webshell.”

A Zoho spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today about the CVE-2021-44515 vulnerability being exploited in the wild.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us