Rewterz Threat Alert – Hive Ransomware Extorted $100M From Over 1,300 Companies Worldwide – Active IOCs

November 21, 2022

Rewterz Threat Advisory – CVE-2022-42494 – WordPress All in One SEO Pro plugin Vulnerability

November 21, 2022

Rewterz Threat Advisory – CVE-2021-40539 – Zoho ManageEngine ADSelfService Plus REST API Vulnerability

November 21, 2022

Severity

High

Analysis Summary

CVE-2021-40539

Zoho ManageEngine ADSelfService Plus could allow a remote attacker to execute arbitrary code on the system, caused by a REST API authentication bypass. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Code Execution

Indicators Of Compromise

CVE

CVE-2021-40539

Affected Vendors

Zoho

Affected Products

Zoho ManageEngine ADSelfService Plus 5704
Zoho ManageEngine ADSelfService Plus 6003
Zoho ManageEngine ADSelfService Plus 6101
Zoho ManageEngine ADSelfService Plus 6103
Zoho ManageEngine ADSelfService Plus 6102
Zoho ManageEngine ADSelfService Plus 6113

Remediation

Upgrade to the latest version of ADSelfService Plus, available from the ManageEngine Website.

ManageEngine Website

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Python RAT Uses Discord Interface to Execute Remote Attacks

Critical Alert: Jordanian Banks Under Siege by Everest Ransomware Group

The SocGholish-RansomHub Connection – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – Hive Ransomware Extorted $100M From Over 1,300 Companies Worldwide – Active IOCs

Rewterz Threat Advisory – CVE-2022-42494 – WordPress All in One SEO Pro plugin Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.