Another Zoho ManageEngine Zero-Day Under Active Attack

The latest vulnerability is an authenticationbypass vulnerability in ManageEngine Desktop Central that can allow an attacker to execute arbitrary code. APT actors have been exploiting the bug, tracked as CVE202144515, since at least late October. No one has yet identified the APT responsible, but it’s likely the attacks are linked and those responsible are from China.

The bug is the third zeroday under active attack that researchers have discovered in the Zoho suite since September. Unit 42 researchers combined the two previously known active attack fronts against Zoho’s ManageEngine as the “TitledTemple” campaign.

Another Zoho ManageEngine Zero-Day Under Active Attack

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Another Zoho ManageEngine Zero-Day Under Active Attack

21-Dec-21

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address