Get a Pentest and security assessment of your IT network.

News

Experts Detail Malicious Code Dropped Using ManageEngine ADSelfService Exploit

At least nine organizations in the U.S. were compromised by leveraging a recently patched security flaw in Zoho’s ManageEngine. The vulnerability relates to an authentication bypass vulnerability affecting REST API URLs that could enable remote code execution. A Chinese-language JSP web shell named “Godzilla” was followed by a custom Golang-based open-source Trojan called “NGLite” The attacker is believed to have targeted at least 370 Zoho servers beginning September 17, 2021. Microsoft, which is also independently tracking the same campaign, tied it to an emerging threat cluster.”]

Source: https://thehackernews.com/2021/11/experts-detail-malicious-code-dropped.html

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Botnet authors use Evernote account as C&C Server

News

Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2