#BSI WID-SEC-2025-1131: [NEU] [mittel] #Zoho #ManageEngine #ServiceDesk #Plus: Schwachstelle ermöglicht Offenlegung von Informationen
Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Zoho ManageEngine ServiceDesk Plus ausnutzen, um Informationen offenzulegen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1131
🎙️ In cybersecurity today, it’s not just about flashy innovation — it’s about smart integration that actually builds trust. In this On Location Briefing from #RSAC2025, we explore why connecting the dots matters more than chasing the next big thing.
🚀 New Briefing from #RSAC 2025: From Tools to Trust — Why Integration Beats Innovation Hype in Cybersecurity
At RSA Conference 2025, Sean Martin, CISSP caught up with Vivin Sathyan, Senior Technology Evangelist at ManageEngine, to discuss why integration, simplicity, and a trust-first approach are redefining effective cybersecurity programs.
🔐 Why is layering more and more tools no longer the answer?
Find out how ManageEngine is helping organizations focus on seamless security integration to drive real resilience and smarter risk management.
🎙️ Watch, listen, or read the full conversation here:
👉 https://www.itspmagazine.com/their-stories/from-tools-to-trust-why-integration-beats-innovation-hype-in-cybersecurity-a-brand-story-with-vivin-sathyan-from-manageengine-an-on-location-rsac-conference-2025-brand-story
📌 Learn more about ManageEngine’s work:
👉 https://www.itspmagazine.com/directory/manageengine
🛰️ See all our RSAC 2025 coverage:
👉 https://www.itspmagazine.com/rsac25
🌟 Discover more On Location Conversations, Brand Stories, and Briefings:
👉 https://www.itspmagazine.com/brand-story
🎥🎙️ This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.
Stay tuned for more Briefings, Brand Stories, and candid conversations from RSAC 2025!
🎤 Looking ahead:
If your company would like to share your story with our audiences On Location, we’re gearing up for #InfosecurityEurope in June and #BlackHatUSA in August!
⚡ RSAC 2025 sold out fast — we expect the same for these next events.
🎯 Reserve your full sponsorship or briefing now: https://www.itspmagazine.com/purchase-programs
#cybersecurity #infosec #infosecurity #technology #tech #society #business #securityintegration #trustbasedsecurity #cyberresilience #manageengine
During our visit to Zoho Corp Headquarters, we had the chance to meet the ManageEngine team.
It was a great opportunity to learn more about their work in IT management, security, and automation. Their focus on building reliable, effective solutions for businesses stood out throughout our discussions.
#Pinerium #OmnipresentIntegratedSolutions #ManageEngine #ITManagement #Cybersecurity #Automation #PineriumAtZoho #ZohoCollaboration
Hey Mastodon, question for my #sysadmin and #DevOps types. Has anyone used #Pester and #PSScriptAnalyzer to set up unit testing for test driven development, particularly on (relatively) simple #PowerShell scripts like you might use for application detection, installation, and uninstallation from a system like #SCCM #Intune or #ManageEngine ?
Apologies for the buzzword bingo, but I’m trying to reach folks who may be following the hashtags, but not necessarily have a connection otherwise.
The flaw, discovered in builds 6510 and earlier, could enable attackers to bypass authentication safeguards and access sensitive user enrollment data, potentially leading to account takeovers.
The company resolved the issue in build 6511, released on February 26, 2025, and urges immediate patching for all affected systems.
https://cybersecuritynews.com/zoho-adselfservice-plus-vulnerability/
#BSI WID-SEC-2024-2054: [NEU] [hoch] #Zoho #ManageEngine #Endpoint #Central: Schwachstelle ermöglicht Umgehung von Sicherheitsvorkehrungen und Offenlegung von Informationen
Ein entfernter, authentifizierter Angreifer kann eine Schwachstelle in Zoho ManageEngine Endpoint Central ausnutzen, um vertrauliche Informationen offenzulegen und Sicherheitsvorkehrungen zu umgehen, um so einen Ransomware-Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2054
Vulnerabilidad crítica en #OpManager de #ManageEngine permite a los #hackers realizar ataques de ejecución remota de código #RCE
https://blogs.masterhacks.net/noticias/hacking-y-ciberdelitos/vulnerabilidad-critica-en-opmanager-de-manageengine-permite-la-ejecucion-remota-de-codigo/
#BSI WID-SEC-2024-1915: [NEU] [niedrig] #Zoho #ManageEngine #ServiceDesk #Plus: Schwachstelle ermöglicht Cross-Site Scripting
Ein Angreifer kann eine Schwachstelle in Zoho ManageEngine ServiceDesk Plus ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1915
#ManageEngine #ADAudit - Reverse engineering #Windows #RPC to find CVEs
🛑 Hackers are using fake domains of popular IP scanners like Advanced IP Scanner & #ManageEngine in a #Google Ads malvertising scheme to spread the MadMxShell backdoor – 45+ domains created since November 2023.
https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html
"🚨 Lazarus Group Unleashes CollectionRAT in Sophisticated Campaigns 🚨"
Lazarus Group, a North Korean state-sponsored actor, has been utilizing infrastructure reuse to launch sophisticated cyber attacks. Their latest campaign exploits CVE-2022-47966, a vulnerability in ManageEngine ServiceDesk, to deploy multiple threats including a new malware, CollectionRAT. This RAT showcases capabilities such as executing arbitrary commands and managing files on infected systems. Intriguingly, Lazarus Group is increasingly leveraging open-source tools like the DeimosC2 framework, marking a strategic shift in their attack methodologies. CollectionRAT, along with other tools like the malicious PuTTY Link (Plink), indicates a refined approach in their cyber warfare tactics.
Details: Cisco Talos Blog
Authors: Asheer Malhotra, Vitor Ventura, Jungsoo An
Tags: #Cybersecurity #LazarusGroup #APT #CollectionRAT #DeimosC2 #CVE202247966 #ManageEngine #Plink #NorthKorea #StateSponsoredCyberAttacks 💻🌍🔐
ServiceDesk Plus: selezione multipla delle checkbox via Javascript
https://gioxx.org/2023/09/15/servicedesk-plus-selezione-multipla-delle-checkbox-via-javascript/
#Lavoro #GoogleChrome #HelpDesk #Javascript #Lavoro #ManageEngine #ManageEngineServiceDeskPlus #RicercaESviluppo #ServiceDeskPlus #Software
#Lazarus #APT exploits #Zoho #ManageEngine flaw to target an #Internet backbone infrastructure provider
https://securityaffairs.com/149829/apt/lazarus-apt-exploits-zoho-manageengine-flaw.html
#securityaffairs #hacking
Pulling SYSTEM out of #Windows GINA — #Authentication #Bypass to SYSTEM shell in #ManageEngine #ADSelfService Plus Windows GINA Client
// by @pedrib1337@twitter.com
https://github.com/pedrib/PoC/blob/master/advisories/ManageEngine/adselfpwnplus/adselfpwnplus.md
ServiceDesk Plus: modifica estetica del popup di risposta
https://gioxx.org/2023/06/27/servicedesk-plus-modifica-estetica-del-popup-di-risposta/
#Lavoro #CSS #HelpDesk #Lavoro #ManageEngine #ManageEngineServiceDeskPlus #RicercaESviluppo #ServiceDeskPlus #Software
Chilling here in Toronto right now, waiting for the ManageEngine UserConf to begin. My body is still on Pacific time so as far as it's concerned it's too damn early to be awake. On my second cup of ☕ for the day 👀
ServiceDesk Plus: modifica massiva di ticket con PowerShell
https://gioxx.org/2023/05/16/servicedesk-plus-modifica-massiva-di-ticket-con-powershell/
#Lavoro #API #HelpDesk #JSON #Lavoro #ManageEngine #ManageEngineServiceDeskPlus #MicrosoftWindows #MicrosoftWindows2016 #PowerShell #RicercaESviluppo #ServiceDeskPlus #Software
🚨New Vulnerability Alert: #ManageEngine ADManager Plus (CVE-2023-29084)! Update to version 7181 to stay secure. Details: https://eu1.hubs.ly/H03thkB0 #Cybersecurity #InfoSec #Patch
Kritische #Schwachstellen in #VMware CBAC & Zoho #ManageEngine, #Cyberangriffe auf Dole, Bayrischer Rundfunk, Feuerwehr Hamburg, sowie Landratsamt Böblingen und #EU Kommission setzt #TikTok auf Firmengeräten aus – das sind die #Hacker #News der Woche.
https://www.lastbreach.de/blog/die-weekly-hacker-news-230224
Hackers are actively exploiting CVE-2022-47966 flaw in #Zoho #ManageEngine
https://securityaffairs.com/142635/hacking/zoho-manageengine-attacks.html
#securityaffairs #hacking #cybercrime
