Threat Post

Zoho ManageEngine Password Manager Zero-Day Gets a Fix, Amid Attacks

An authentication bypass vulnerability in the ManageEngine ADSelfService Plus platform leading to remote code execution offers up the keys to the corporate kingdom. A critical security vulnerability ...
Homeland Security Today

USCG, FBI, CISA Alert on Vulnerability in ManageEngine ADSelfService Plus

This joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI), United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure ...
Threat Post

Zoho’s ManageEngine Password Manager Flaw Torched by Godzilla Webshell

Researchers have spotted a second, worldwide campaign exploiting the ManagedEngine SelfServiceAD Plus zero-day: one that’s breached defense, energy and healthcare organizations. A new campaign is ...
ZDNet

CISA warns of APT actors exploiting newly identified vulnerability in ManageEngine ADSelfService Plus

CISA is urging users of Zoho's ManageEngine ADSelfService Plus to update their tools, noting that APT actors are actively exploiting a recently discovered vulnerability. Zoho ManageEngine ...
CSOonline

APT actors exploit flaw in ManageEngine single sign-on solution

US government agencies urge immediate action to look for indicators of compromise and, if found, take recommended steps to mitigate. Cyberespionage groups are exploiting a critical vulnerability ...
CSOonline

Attackers exploiting critical flaw in many Zoho ManageEngine products

Users of on-premises deployments of Zoho ManageEngine products should make sure they have patches applied for a critical remote code execution vulnerability that attackers have now started exploiting ...