
Zoho zero-day published on Twitter

March 7, 2020

A security researcher yesterday published details on Twitter of a zero-day vulnerability in a Zoho enterprise product.

Cyber-security experts who have reviewed the vulnerability have told ZDNet that the zero-day could spell trouble for companies around the world, as it could be an entry point for ransomware gangs to infect corporate networks and ransom their data.

The vulnerability impacts Zoho ManageEngine Desktop Central. According to the Zoho website, this is an endpoint management solution. Companies use the product to control their fleets of devices, such as Android smartphones, Linux servers, or Mac and Windows workstations.

The product works as a central server inside a company, allowing system administrators to push updates, take control over systems remotely, lock devices, apply access restrictions, and more.

Yesterday, a security researcher named Steven Seeley published details, along with proof-of-concept demo code, about an unpatched bug in this product.

“This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine Desktop Central,” Seeley said.

The (attacker’s) code is executed without the need for authentication, and the code runs with root privileges on the machine, Seeley added.

This effectively means that hackers can take full control over ManageEngine systems, and a company’s fleet of devices.

Ideal for ransomware attacks

Products like Zoho’s ManageEngine are often employed by companies that provide remote IT support — called managed service providers (MSPs).

Over the past year, multiple ransomware gangs have figured out that they could target MSPs and the software they use to plant ransomware on the networks of their clients.

The bug disclosed today on Twitter puts all the companies that rely on Zoho ManageEngine, along with all the MSPs that rely on it and their clients, at risk.

“This sounds like the worst-case scenario for MSPs using this product,” Daniel Goldberg, a malware analyst at Guardicore told ZDNet. “They get breached, all their customers get breached and it’s a race who will attack first.”

“Ransomware groups at this point have it down to a science,” Goldberg added. “Find a simple reliable exploit like this, attack opportunistic victims, find those with money to pay, and profit.”

More than 2,300 exposed servers

Currently, there are more than 2,300 installations of Zoho ManageEngine systems exposed on the internet, according to Nate Warfield, an analyst for the Microsoft Security Response Center.

All of these 2,300 exposed instances are akin to gateways into those companies, due to the recently-shared zero-day.

In an interview with ZDNet, Leandro Velasco, a threat intel analyst for KPN Security, pointed out that this vulnerability is also ideal for lateral movement.

Even if a company does not expose its Zoho ManageEngine Desktop Central server to the internet, the zero-day can still be used from inside its network.

An attacker who gains access to one computer inside a company’s network can use the Zoho zero-day to gain control of the ManageEngine server and then push malware to all the other computers on the company’s network.

Velasco has seen these types of attacks before while monitoring REvil (Sodinokibi) ransomware infections — one of the first ransomware strains to target MSPs and their software in so-called “supply chain attacks” on bigger targets.

This tactic — of attacking MSPs and their software — has now become mainstream among other ransomware gangs.

“In the last few months, we saw campaigns focusing on specialized software used by MSPs, like remote access management tooling,” said Sander Peters, head of KPN Security, in a report about the software supply chain risks in Europe.

In a similar report, US cyber-security firm Armor claims it tracked 13 MSPs in 2019 that were hacked or had their software abused to install ransomware on the networks of their clients.

No disclosure

The Zoho zero-day will, without a doubt, trigger a wave of hacks. The Shodan search listed above unearths some “juicy” targets for hackers.

Currently, a patch is not available because Seeley never notified Zoho. On Twitter, the researcher claimed that “Zoho typically ignores researchers,” and shared the code online.

Some security researchers have criticized Seeley’s move to disclose the zero-day without notifying Zoho, calling it unprofessional. However, other security researchers said they’ve also been ignored when reporting issues to Zoho.

A Zoho spokesperson told ZDNet that Seeley never contacted its security team, and that they learned of the issue from a customer. A patch is expected for later today, at 10:30am PT.

Updated to add that the vulnerability, now tracked as CVE-2020-10189, has been patched in Zoho ManageEngine Desktop Central v10.0.479.


Credit: ZDNet
