Cybercriminals are exploiting a critical flaw in many of the popular IT tools provided by software maker Zoho ManageEngine to carry out data breaches and cyber-attacks. The vulnerability was reported to the company late last year and affects its wide range of services, including the on-premises and cloud versions of the company's Applications Manager, IT360, Network Configuration Manager, Desktop Central, and ServiceDesk Plus products.
The vulnerability, which is being tracked as CVE-2021-28636, has been rated 9.8 out of 10 on the Common Vulnerability Scoring System, meaning it has a high severity and could be easily exploited by malicious actors. According to security experts, attackers exploiting the critical flaw in ManageEngine products could gain access to the administrative interface, modify the system feature, issue commands and launch a wide range of malicious activities.
Due to this vulnerability, malicious actors can create new users, modify accounts, gain admin access to the system, launch exploits, hijack sessions, and launch other types of cyber-attacks such as data theft, phishing, network intrusions,etc. It is important that users of ManageEngine products update their systems with the latest patch to fix this issue and protect against any type of malicious activity.
Vulnerability issues are becoming increasingly common, and they can often lead to serious security breaches. It is therefore essential for organizations to practice robust network security habits and to ensure their cybersecurity infrastructure is updated and up-to-date. To reduce the chances of falling victim to a cyber-attack, it is also important to monitor the system for any suspicious activities and take steps to patch issues quickly.
This Cyber News was published on www.csoonline.com. Publication date: Mon, 23 Jan 2023 21:39:02 +0000