Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog. The details of in-the-wild exploitation of the flaw aren’t available – though, according to data collected by Greynoise, exploitation attempts don’t […]

Continue Reading

ManageEngine and Sectigo join forces to automate certificate lifecycle management

ManageEngine has integrated its key and certificate lifecycle management solution, Key Manager Plus, and Sectigo. A testament to Sectigo’s push for openness and interoperability in the identity, public key infrastructure (PKI), cryptography space, this integration enables IT admins using Sectigo certificates to automate the entire certificate lifecycle from a central platform. Customers can leverage this […]

Continue Reading

Photos: Infosecurity Europe 2022, part 2

It’s day two of Infosecurity Europe 2022 at the ExCeL in London. Here’s a look at the event, the featured vendors are: Akamai, SecurityScorecard, Edgescan, ManageEngine, Securonix, F5, ServiceNow, and Vade. The first photo gallery is available here. The post Photos: Infosecurity Europe 2022, part 2 appeared first on Help Net Security.

Continue Reading

Photos: RSA Conference 2022, part 3

RSA Conference 2022 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is available here, and part 2 is here. Here are a few photos from the event, featured vendors include: Digital Guardian, Human Security, Okta, Cynet, […]

Continue Reading

Photos: RSA Conference 2022, part 2

RSA Conference 2022 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news. Part 1 of the photos is available here. Here are a few photos from the event, featured vendors include: ZeroFOX, Delinea, Ping Identity, Microsoft, RSA Security, ManageEngine, Atakama and Noetic […]

Continue Reading

eBook: Anomaly Detection in Cybersecurity for Dummies

One of the best ways to defend against both internal and external attacks is to integrate anomaly detection, a.k.a. user and entity behavior analytics capabilities, into your security analytics solution. This eBook breaks down the different types of security anomalies and explain what each one looks like. The authors also explain how to determine the […]

Continue Reading

Attackers exploit another zero-day in ManageEngine software (CVE-2021-44515)

A vulnerability (CVE-2021-44515) in ManageEngine Desktop Central is being leveraged in attacks in the wild to gain access to server running the vulnerable software. About CVE-2021-44515 CVE-2021-44515 is an authentication bypass vulnerability that could be triggered by attackers by sending a specially crafted request, with the goal of achieving unauthenticated remote code execution. The issue […]

Continue Reading

Persistent APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)

An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including defense and tech. “Successful exploitation of the vulnerability allows an attacker to upload executable files and place webshells, which enable the adversary to conduct post-exploitation activities, such as compromising administrator credentials, conducting […]

Continue Reading