Wednesday, October 13, 2021


    FBI warns hackers could be exploiting critical Zoho bug


    In a new joint security advisory, the FBI, CISA and the Coast Guard Cyber Command (CGCYBER) are warning enterprise organizations that state-sponsored advanced persistent threat (APT) groups are actively exploiting a critical flaw in software from Zoho.

    The vulnerability itself, tracked as CVE-2021-40539, was discovered in Zoho’s ManageEngine ADSelfService Plus software that provides both single sign-on and password management capabilities. If this flaw is exploited successfully, it can allow an attacker to take over vulnerable systems on a company’s network.

    This new joint security advisory comes on the heels of a similar warning recently issued by CISA alerting organizations that the security flaw, which can be exploited to achieve remote code execution, in Zoho’s software is being actively exploited in the wild.

    CISA provided further details on how threat actors are exploiting this vulnerability in its joint security advisory with the FBI and CGCYBER, saying:

    “The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software. Successful exploitation of the vulnerability allows an attacker to place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting lateral movement, and exfiltrating registry hives and Active Directory files.”

    Lateral movement

    When the authentication bypass vulnerability in ManageEngine ADSelfService has been exploited in the wild, attackers have leveraged it to deploy a JavaServer Pages (JSP) web shell disguised as an X509 certificate.

    By deploying this web shell, attackers are able to move laterally across an organization’s network using Windows Management Instrumentation (WMI) to gain access to domain controllers and dump NTDS.dit and SECURITY/SYSTEM registry hives, according to a new report from BleepingComputer.
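
    Because the web shell described above poses as an X509 certificate, defenders can check whether files with certificate-style names actually have certificate structure. The following is an added example, not code from the advisory or from Zoho; the extension list, the JSP marker strings and the sample data are assumptions constructed for illustration.

```python
import base64
import re

CERT_EXTENSIONS = (".cer", ".crt", ".pem", ".der")   # assumed extension list
# Text patterns typical of JSP source (checked only when the file is not DER).
JSP_MARKERS = (b"<%", b"<jsp:", b"Runtime.getRuntime", b"ProcessBuilder")
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def looks_like_der(data: bytes) -> bool:
    """Structural heuristic, not a full X.509 parse: one ASN.1 SEQUENCE with a
    long-form length that accounts for every byte of the input."""
    if len(data) < 4 or data[0] != 0x30 or not data[1] & 0x80:
        return False
    n = data[1] & 0x7F                    # number of length bytes that follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return 2 + n + int.from_bytes(data[2:2 + n], "big") == len(data)


def classify(name: str, data: bytes) -> str:
    """Return 'skipped', 'certificate', 'webshell-like' or 'suspicious'."""
    if not name.lower().endswith(CERT_EXTENSIONS):
        return "skipped"
    if looks_like_der(data):
        return "certificate"
    if any(marker in data for marker in JSP_MARKERS):
        return "webshell-like"
    match = PEM_RE.search(data)
    if match is None:
        return "suspicious"
    try:
        der = base64.b64decode(b"".join(match.group(1).split()), validate=True)
    except ValueError:                    # body is not valid base64
        return "suspicious"
    return "certificate" if looks_like_der(der) else "suspicious"


# Constructed samples: a DER-shaped blob, its PEM form, and harmless JSP text.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
FAKE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(FAKE_DER)
            + b"-----END CERTIFICATE-----\n")
FAKE_JSP = b'<%@ page import="java.util.*" %>\n<% out.println("sample"); %>\n'

if __name__ == "__main__":
    for name, data in [("a.der", FAKE_DER), ("b.pem", FAKE_PEM),
                       ("c.cer", FAKE_JSP), ("d.crt", b"hello")]:
        print(name, classify(name, data))
```

    A "suspicious" or "webshell-like" result on a server's web-accessible directories is a lead for manual review, since the structural check is a heuristic and does not validate the certificate itself.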

    It’s worth noting that the APT groups actively exploiting this vulnerability in the wild have launched attacks targeting organizations across a variety of industries including academia, defense, transportation, IT, manufacturing, communications, logistics and finance.

    Organizations that use Zoho ManageEngine ADSelfService should update their software to the latest version which was released earlier this month and contains a patch for CVE-2021-40539. The FBI, CISA and CGCYBER also recommend that organizations ensure that ADSelfService Plus is not directly accessible from the internet to prevent falling victim to any potential attacks leveraging this vulnerability.

    Via BleepingComputer

    Anthony Spadafora

    After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal and TechRadar. He has been a tech enthusiast for as long as he can remember and has spent countless hours researching and tinkering with PCs, mobile phones and game consoles.
