Active Attack: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

LINK his joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation of a newly identified vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus—IT help desk software with asset management.

Breach Announcements – December 2, 2021

Planned Parenthood – LA Branch – unspecified data breach releasing 400k patients of data Above is a list of Companies I have information for that have confirmed some sort of Breach (its obviously not complete since most never report anything, just what I hear about) Note: This is going to be a new type of […]

CISA Adds Five Known Exploited Vulnerabilities to Catalog

LINK VE Number  CVE Title Remediation Due Date CVE-2020-11261 Qualcomm Multiple Chipsets Improper Input Validation Vulnerability 06/01/2022 CVE-2018-14847 MikroTik Router OS Directory Traversal Vulnerability 06/01/2022 CVE-2021-37415 Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability 12/15/2021 CVE-2021-40438 Apache HTTP Server-Side Request Forgery (SSRF)  12/15/2021 CVE-2021-44077 Zoho ManageEngine ServiceDesk Plus Remote Code Execution 12/15/2021 Here is the actual list […]