Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit

8 November 2021

At least nine entities across the technology, defense, healthcare, energy, and education industries were compromised by leveraging a recently patched critical vulnerability in Zoho’s ManageEngine ADSelfService Plus self-service password management and single sign-on (SSO) solution. The spying campaign, which was observed starting September 22, 2021, involved the threat actor taking advantage of the flaw to gain initial access to targeted organizations, before moving laterally through the network to carry out post-exploitation activities by deploying malicious tools designed to harvest credentials and exfiltrate sensitive information via a backdoor.

Read full article on The Hacker News

Date:

8 November 2021

Categorie(s):

NEWS

Tag(s):

Cyber Threats, Experts, ManageEngine, Palo Alto Networks, Using

Panda Restaurant Corporate Systems Hacked: Customer Data Exposed2 May 2024
NSW club patrons advised to replace ID documents after leak of more than a million records2 May 2024
Aussie Early Adopters of Copilot for Security2 May 2024
Hacker free-for-all fights for control of home and office routers everywhere2 May 2024
Verizon’s 2024 Data Breach Investigations Report: 5 key takeaways2 May 2024