Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)

3 December 2021

An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including defense and tech. “Successful exploitation of the vulnerability allows an attacker to upload executable files and place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files,” the Cybersecurity and Infrastructure Security Agency (CISA) warns.

Read full article on Help Net Security

Date:

3 December 2021

Categorie(s):

NEWS

Tag(s):

APT, CISA, Plus, Security Pro, Zoho

Microsoft Publicly Releases MS-DOS 4.0 Source Code26 April 2024
New SSLoad Malware Combined With Tools Hijacking Entire Network Domain26 April 2024
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites26 April 2024
Top 5 MSP Cyberattacks in 2023/202426 April 2024
Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim26 April 2024