Last week the US Federal Bureau of Investigation (FBI) warned that multiple APT threat actor groups have been abusing a zero-day vulnerability in Zoho's ManageEngine Desktop Central server since October.
Although Zoho patched the vulnerability on December 3 this year, the attackers began exploiting this zero-day bug in October. In ManageEngine Desktop Central servers, the bug is tracked as CVE-2021-44515 and carries a severity rating of Critical.
This zero-day bug is an authentication bypass vulnerability in ManageEngine Desktop Central.
According to the FBI report, on a Desktop Central server this vulnerability allows attackers to circumvent the authentication mechanism and execute arbitrary programs.
Zoho is an Indian software company, and the web version of its productivity software, Zoho Office Suite, is one of its best-known products.
Apart from this, Zoho also owns the ManageEngine brand, which specializes in IT management for small and medium enterprises. Desktop Central is the unified endpoint management solution within Zoho's ManageEngine portfolio.
Desktop Central helps small and medium enterprises to centrally manage the following:-
Below are the TTPs used by the threat actors:-
In October this year, a number of APT hacker groups exploited this zero-day vulnerability. They replaced legitimate functions on Desktop Central with a malicious webshell.
After that, they downloaded further attack tools to enumerate and analyze the users and groups of the compromised servers in order to conduct:-
Here’s what Zoho stated:-
“As we are noticing indications of exploitation of this vulnerability, we strongly advise customers to update their installations to the latest build as soon as possible.”
You can also use Zoho's Exploit Detection Tool to check whether your server has been breached through this zero-day security flaw. Apart from this, more than 2,900 ManageEngine Desktop Central instances are currently exposed to incoming attacks.
Aside from releasing the security patch, Zoho has also provided ManageEngine Desktop Central customers with the following vulnerable build numbers, for both Enterprise customers and MSP customers.
The FBI has strongly recommended that users apply the security patch immediately, and also monitor their systems closely to find and report any suspicious activity.