#1 Trending Cybersecurity News & Magazine
Tuesday, December 5, 2023
No Result
View All Result
The Cyber Express
  • MagazineDownload
  • Firewall Daily
    • All
    • Bug Bounty & Rewards
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    SPARRSO data breach

    Cyberattack on SPARRSO Raises Concerns Over Security in Bangladesh

    GTA 6 Map Leak

    The GTA 6 Map Leaked by Rockstar Employee’s Son: What’s Disclosed?

    TrickMo Banking Trojan

    TrickMo Banking Trojan Resurfaces with New Features, Targeting Android Devices this Time Around

    Vietnam Electricity data breach

    BlackCat Ransomware Strikes Ho Chi Minh City Power Corporation

    cybersecurity

    Emerging Trends and Challenges in Cybersecurity: Insights from Abul Kalam Azad

    Spyroid Rat Android RAT

    Unmasking Spyroid Rat: An In-Depth Look at the Menacing Android RAT

    MIRLE Group cyberattack

    MIRLE Group Targeted by Notorious LockBit Ransomware Group

    Cosmote Cyberattack

    Anonymous Collective Targets Greece’s Largest Mobile Operator Cosmote; Website Currently Down

    Colonial Pipeline Data Breach

    Colonial Pipeline Hit by ‘CyberNiggers’ Hacker Group, Sensitive Data for Sale on Dark Web

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    AI Security Guidelines

    Rethinking AI For Cybersecurity: The UK & US Reveals New Guidelines For AI Security

    Cyber Insurance

    Cyber Insurance and Real-Time Threat Dashboard to Mend the Gaps in Near Future

    Pledge to Stop Ransom Payment

    Pledge to Stop Ransom Payment Awaits Consensus from all Members of the CRI

    Executive Order on Artificial Intelligence

    Biden Administration’s AI Directive: A Blueprint for Ethical Use and Enhanced Cybersecurity

    Cyber Resilience

    Towards Cyber Resilience: A Data-Centric Approach to Security

    CybleGrowCon

    Cyble Partner Network GrowCon 2023: Uniting Cybersecurity Leaders

    GRC, What is GRC

    What is GRC (Governance, Risk & Compliance): A Beginner’s Guide

    Facial Recognition Ban

    New York State Education Department Bans Facial Recognition Scans in Schools

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    InsureMO

    InsureMO Partners with Cyble to Revolutionize Cyber Insurance with Real-Time Threat Intelligence

    Countdown to TimeAI Summit 2023

    Countdown to TimeAI Summit 2023: Unveiling the Future of Artificial Intelligence in Dubai

    Emerging Tech Summit

    The Emerging Tech Summit – Saudi Arabia 2023

    Business Cybersecurity

    Prioritizing Business Cybersecurity Plans During Mergers and Acquisitions

    TimeAI Summit

    TimeAI Summit is Uniting Tech Giants and Visionaries in Dubai to Shape the Future of AI

    CyberDSA 2023

    CyberDSA 2023: Forging a Resilient Digital Future Through Unprecedented Collaboration

    Summit MENA 2023

    MENA Summit 2023: Exploring the Future of Digital Identity & Authentication

    Cyble Raises 24 Million in Series B Funding

    Cyble Raises 24 Million in Series B Funding: Leveraging AI and Threat Intelligence to Revolutionize Cybersecurity

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    • World CyberCon India 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • ProductsTools
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin
SUBSCRIBE
  • MagazineDownload
  • Firewall Daily
    • All
    • Bug Bounty & Rewards
    • Dark Web News
    • Data Breach News
    • Hacking News
    • Ransomware News
    • Vulnerabilities
    SPARRSO data breach

    Cyberattack on SPARRSO Raises Concerns Over Security in Bangladesh

    GTA 6 Map Leak

    The GTA 6 Map Leaked by Rockstar Employee’s Son: What’s Disclosed?

    TrickMo Banking Trojan

    TrickMo Banking Trojan Resurfaces with New Features, Targeting Android Devices this Time Around

    Vietnam Electricity data breach

    BlackCat Ransomware Strikes Ho Chi Minh City Power Corporation

    cybersecurity

    Emerging Trends and Challenges in Cybersecurity: Insights from Abul Kalam Azad

    Spyroid Rat Android RAT

    Unmasking Spyroid Rat: An In-Depth Look at the Menacing Android RAT

    MIRLE Group cyberattack

    MIRLE Group Targeted by Notorious LockBit Ransomware Group

    Cosmote Cyberattack

    Anonymous Collective Targets Greece’s Largest Mobile Operator Cosmote; Website Currently Down

    Colonial Pipeline Data Breach

    Colonial Pipeline Hit by ‘CyberNiggers’ Hacker Group, Sensitive Data for Sale on Dark Web

    Trending Tags

    • blackbyte ransomware
    • Ransomware
    • lapsus$ ransomware
    • Apple
    • Apple vulnerability
  • Essentials
    • All
    • Compliance
    • Governance
    • Policy Updates
    • Regulations
    AI Security Guidelines

    Rethinking AI For Cybersecurity: The UK & US Reveals New Guidelines For AI Security

    Cyber Insurance

    Cyber Insurance and Real-Time Threat Dashboard to Mend the Gaps in Near Future

    Pledge to Stop Ransom Payment

    Pledge to Stop Ransom Payment Awaits Consensus from all Members of the CRI

    Executive Order on Artificial Intelligence

    Biden Administration’s AI Directive: A Blueprint for Ethical Use and Enhanced Cybersecurity

    Cyber Resilience

    Towards Cyber Resilience: A Data-Centric Approach to Security

    CybleGrowCon

    Cyble Partner Network GrowCon 2023: Uniting Cybersecurity Leaders

    GRC, What is GRC

    What is GRC (Governance, Risk & Compliance): A Beginner’s Guide

    Facial Recognition Ban

    New York State Education Department Bans Facial Recognition Scans in Schools

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    US Cybersecurity Regulations: Tracing the Past and Predicting the Future

    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • All
    • Appointments
    • Budgets
    • Mergers & Aquisitions
    • Partnerships
    • Press Release
    • Startups
    InsureMO

    InsureMO Partners with Cyble to Revolutionize Cyber Insurance with Real-Time Threat Intelligence

    Countdown to TimeAI Summit 2023

    Countdown to TimeAI Summit 2023: Unveiling the Future of Artificial Intelligence in Dubai

    Emerging Tech Summit

    The Emerging Tech Summit – Saudi Arabia 2023

    Business Cybersecurity

    Prioritizing Business Cybersecurity Plans During Mergers and Acquisitions

    TimeAI Summit

    TimeAI Summit is Uniting Tech Giants and Visionaries in Dubai to Shape the Future of AI

    CyberDSA 2023

    CyberDSA 2023: Forging a Resilient Digital Future Through Unprecedented Collaboration

    Summit MENA 2023

    MENA Summit 2023: Exploring the Future of Digital Identity & Authentication

    Cyble Raises 24 Million in Series B Funding

    Cyble Raises 24 Million in Series B Funding: Leveraging AI and Threat Intelligence to Revolutionize Cybersecurity

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    Alarming 66% Quarterly Growth in Ransomware Attacks Notes Cyble’s Q2-2023 Ransomware Report

    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • EventsCyberCon
    • World CyberCon India 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • ProductsTools
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin
No Result
View All Result
The Cyber Express
No Result
View All Result
Home Cybersecurity News

CERT-IN Issues Alert on Zoho ManageEngine Vulnerability

The Indian Cyber Emergency Response Team (CERT-IN) has issued an alert on a remote code execution vulnerability in Zoho ManageEngine products.

Chandu Gopalakrishnan by Chandu Gopalakrishnan
January 18, 2023 - Updated on March 1, 2023
in Cybersecurity News
0
Zoho ManageEngine Vulnerability
621
SHARES
3.5k
VIEWS
Share on LinkedInShare on Twitter

The Indian Cyber Emergency Response Team (CERT-IN) has issued an alert on a remote code execution vulnerability in Zoho ManageEngine products. The vulnerability, tracked as CVE-2022-47966, was patched by Zoho by the end of October 2022. 

With a severity rating of High, the bug makes ManageEngine ServiceDesk Plus version 14003 and ManageEngine Endpoint Central version 10.1.2228.10 vulnerable to attacks. 

You might also like

The Man Behind the Arlington Explosion: Ex-Telecom Security Chief Suspected

Koh Brothers Eco Engineering Limited Hit by Cyberattack, Prompting Immediate Response

The Top 5 Tech Trends to Watch Out for in 2024

“A Vulnerability has been reported in Zoho ManageEngine products which could allow an attacker to execute arbitrary code to gain sensitive information on the targeted system,” said the CERT-IN note.  

“This vulnerability exists in Zoho ManageEngine products if SAML single-sign-on is enabled or has ever been enabled before. An attacker could exploit this vulnerability by sending a specially-crafted request.” 

Tapping this bug could allow an attacker to run arbitrary code to access sensitive information on the system targeted. 

The alert comes after researchers at Horizon3 found that the vulnerability can be exploited for initial access to victim systems and for lateral movement within networks using highly privileged credentials.  

Zoho ManageEngine vulnerability and the scope of attack 

Zoho’s ManageEngine products are used by over 280,000 organizations worldwide, putting many at risk if they have not patched their installations.  

Researchers at Horizon3 warns that many organizations may not have patched yet due to slow enterprise patch cycles.  

Zoho has issued an advisory, urging organizations to apply the patch as soon as possible. The vulnerability allows for remote code execution with system-level privileges, giving an attacker full control of the system.  

“ManageEngine products are some of the most widely used across enterprises and perform business functions such as authentication, authorization, and identity management,” read the Horizon3 report. 

“Given the nature of these products, a vulnerability such as this poses critical risk to organizations allowing attackers initial access, if exposed to the internet, and the ability for lateral movement with highly privileged credentials.” 

Zoho ManageEngine and the vulnerability history 

The Horizon3 report lists 5,255 exposed instances of ServiceDesk Plus, with 509 having SAML enabled and 3105 exposed instances of Endpoint Central, with 345 having SAML enabled.  

“From this we presume that roughly 10% of all ManageEngine products exposed to the Internet have SAML enabled. Organizations that use SAML in the first place tend to be larger and more mature and are likely to be higher value targets for attackers,” said the report. 

This is the latest among the list of the major Zoho systems vulnerabilities spotted over the past few months. 

Zoho has called on customers on January 4 to patch a significant security vulnerability that affects various ManageEngine products.  

The vulnerability, identified as CVE-2022-47523, is an SQL injection issue found in the Password Manager Pro secure vault, PAM360 privileged access management software, and Access Manager Plus privileged session management solution. 

CISA issued a warning about a critical vulnerability (CVE-2022-35405) in ManageEngine products in September 2022.  

This vulnerability, if exploited, could enable attackers to gain remote code execution on servers that have not applied the necessary patches and are running PAM360, Access Manager Plus, and Password Manager Pro.

Share this:

  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on Twitter (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • More
  • Click to email a link to a friend (Opens in new window)
  • Click to share on WhatsApp (Opens in new window)

Related

Tags: Zoho ManageEngine Vulnerability
Previous Post

Doxing Alert: User Claims Facebook Exposed Phone Number to 90,000 YouTube Followers

Next Post

Royal Ransomware Group Adds Livingston International to Leak Site

Chandu Gopalakrishnan

Chandu Gopalakrishnan

Executive Editor, The Cyber Express

Related Posts

James Yoo
Cybersecurity News

The Man Behind the Arlington Explosion: Ex-Telecom Security Chief Suspected

by Samiksha Jain
December 5, 2023
KBEE cyberattack
Cybersecurity News

Koh Brothers Eco Engineering Limited Hit by Cyberattack, Prompting Immediate Response

by Samiksha Jain
December 4, 2023
Tech Trends
Cybersecurity News

The Top 5 Tech Trends to Watch Out for in 2024

by Editorial
December 1, 2023
Virtual Currency Mixer Sinbad.io
Cybersecurity News

US Treasury Sanctions Sinbad.io for Alleged Role in Lazarus Group’s Money Laundering

by Samiksha Jain
November 30, 2023
cybercriminals arrested in Ukraine
Cybersecurity News

Collaborative Effort Across 7 Nations Leads to Arrest of Ransomware Gang in Ukraine

by Ishita Tripathi
November 28, 2023
Next Post
Royal Ransomware Group

Royal Ransomware Group Adds Livingston International to Leak Site

Latest Issue is Out. Subscribe Now

Cybersecurity Magazine



Follow Us On Google News

Latest Cyber News

SPARRSO data breach
Firewall Daily

Cyberattack on SPARRSO Raises Concerns Over Security in Bangladesh

December 5, 2023
GTA 6 Map Leak
Firewall Daily

The GTA 6 Map Leaked by Rockstar Employee’s Son: What’s Disclosed?

December 5, 2023
TrickMo Banking Trojan
Dark Web News

TrickMo Banking Trojan Resurfaces with New Features, Targeting Android Devices this Time Around

December 5, 2023
Vietnam Electricity data breach
Firewall Daily

BlackCat Ransomware Strikes Ho Chi Minh City Power Corporation

December 4, 2023

Categories

Web Stories

Top 10 CISOs to Follow in 2023
Top 10 CISOs to Follow in 2023
Top 10 Ransomware Gangs in 2023
Top 10 Ransomware Gangs in 2023
Top 5 IoT Security Risks in 2023
Top 5 IoT Security Risks in 2023
Top 10 CTF Platforms in 2023
Top 10 CTF Platforms in 2023
Types of Risks Covered by Cyber Insurance
Types of Risks Covered by Cyber Insurance

About

The Cyber Express by Cyble

#1 Trending Cybersecurity News and Magazine

The Cyber Express  by Cyble is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

 

Contact

For editorial queries: [email protected]

For marketing and Sales: [email protected]

For Events & Conferences related information: [email protected]

 

Quick Links

  • About Us
  • Advertise With Us
  • Contact Us
  • Editorial Calendar

Our Address

We’re remote friendly, with office locations around the world:

San Francisco, Atlanta, Rome,
Dubai, Mumbai, Bangalore, Hyderabad,  Singapore, Jakarta, Sydney, and Melbourne

 

Headquarters:

The Cyber Express LLC
555 North Point Center E
Alpharetta, GA 30022, USA.

 

India Office:

Cyber Express Media Network
HD-021, 4th Floor, C Wing, Building No.4. Nesco IT Park, WE Highway, Goregaon East, Mumbai, Maharashtra, India – 4000063

Subscribe to Our Feed

RSS Feeds

Follow Us On Google News
  • Privacy Statement
  • Terms of Use
  • Write For Us

© 2023 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.

No Result
View All Result
  • Magazine
  • Firewall Daily
  • Essentials
    • Regulations
    • Compliance
    • Governance
    • Policy Updates
  • Features
    • Cyber Warfare
    • Espionage
    • Workforce
      • Learning & Development
  • Business
    • Startups
    • Mergers & Aquisitions
    • Partnerships
    • Appointments
    • Budgets
    • Research
      • Whitepapers
      • Sponsored Content
      • Market Reports
    • Interviews
      • Podcast
  • Events
    • World CyberCon India 2023
    •  Cyber Security Webinar
    • Endorsed Events
  • Products
    • Cyble Vision
    • Cyble Hawk (LEA, Govt.)
    • Am I Breached
    • Cyble Odin

© 2023 The Cyber Express (Cybersecurity News and Magazine) | By Cyble Inc.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.
Top 10 CISOs to Follow in 2023 Top 10 Ransomware Gangs in 2023 Top 5 IoT Security Risks in 2023 Top 10 CTF Platforms in 2023 Types of Risks Covered by Cyber Insurance