Hackers are exploiting a critical authentication bypass vulnerability in ManageEngine Desktop Central MSP, an endpoint management tool used by managed service providers (MSPs). Attacks started before ManageEngine issued a patch, so all customers are advised to check their systems for signs of exploitation using a special tool released by the developers.
ManageEngine is a division of business software developer Zoho that's focused on IT management software. The division maintains a portfolio of over 90 products and free tools that are used by millions of system administrators in more than 180,000 companies around the world.News of this latest zero-day vulnerability comes after hackers exploited at least two other flaws in ManageEngine products this year. Attacks against MSPs and their tools have seen a rise over the past several years due to hackers realizing that compromising such organizations can provide an easy way into the networks of thousands of businesses that rely on them to manage their IT assets.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.
