Active Attack: APT Actors Exploiting CVE-2021-44077 in Zoho ManageEngine ServiceDesk Plus

LINK his joint advisory is the result of analytic efforts between the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) to highlight the cyber threat associated with active exploitation of a newly identified vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus—IT help desk software with asset management.

Used of Plex Media Servers – Be advised – Attackers are using Plex to make attacks more potent

LINK Misconfigurations of the Plex Media server is enabling attackers to use Plex to amplify DDoS attacks. In some cases—such as when the server uses the Simple Service Discovery Protocol to locate universal plug-and-play gateways on end users’ broadband modems—the Plex service registration responder gets exposed to the general Internet. Responses range from 52 bytes […]