ServiceDesk Plus 15120: errore REQ:2002 durante l’aggiornamento https://gioxx.org/2025/08/20/servicedesk-plus-15120-req2002

#database #helpdesk #lavoro #manageengine #manageengineservicedeskplus #microsoftwindows #microsoftwindows2016 #patch #ricercaesviluppo #servicedeskplus #software

#BSI WID-SEC-2025-1131: [NEU] [mittel] #Zoho #ManageEngine #ServiceDesk #Plus: Schwachstelle ermöglicht Offenlegung von Informationen

Ein entfernter, authentisierter Angreifer kann eine Schwachstelle in Zoho ManageEngine ServiceDesk Plus ausnutzen, um Informationen offenzulegen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1131

🎙️ In cybersecurity today, it’s not just about flashy innovation — it’s about smart integration that actually builds trust. In this On Location Briefing from #RSAC2025, we explore why connecting the dots matters more than chasing the next big thing.

🚀 New Briefing from #RSAC 2025: From Tools to Trust — Why Integration Beats Innovation Hype in Cybersecurity

At RSA Conference 2025, Sean Martin, CISSP caught up with Vivin Sathyan, Senior Technology Evangelist at ManageEngine, to discuss why integration, simplicity, and a trust-first approach are redefining effective cybersecurity programs.

🔐 Why is layering more and more tools no longer the answer?

Find out how ManageEngine is helping organizations focus on seamless security integration to drive real resilience and smarter risk management.

🎙️ Watch, listen, or read the full conversation here:
👉 https://www.itspmagazine.com/their-stories/from-tools-to-trust-why-integration-beats-innovation-hype-in-cybersecurity-a-brand-story-with-vivin-sathyan-from-manageengine-an-on-location-rsac-conference-2025-brand-story

📌 Learn more about ManageEngine’s work:
👉 https://www.itspmagazine.com/directory/manageengine

🛰️ See all our RSAC 2025 coverage:
👉 https://www.itspmagazine.com/rsac25

🌟 Discover more On Location Conversations, Brand Stories, and Briefings:
👉 https://www.itspmagazine.com/brand-story

🎥🎙️ This is just one of the many incredible conversations we recorded On Location in San Francisco, as Sean Martin and Marco Ciappelli covered the event as official media partners for the 11th year in a row.

Stay tuned for more Briefings, Brand Stories, and candid conversations from RSAC 2025!

🎤 Looking ahead:
If your company would like to share your story with our audiences On Location, we’re gearing up for #InfosecurityEurope in June and #BlackHatUSA in August!

⚡ RSAC 2025 sold out fast — we expect the same for these next events.
🎯 Reserve your full sponsorship or briefing now: https://www.itspmagazine.com/purchase-programs

#cybersecurity #infosec #infosecurity #technology #tech #society #business #securityintegration #trustbasedsecurity #cyberresilience #manageengine

During our visit to Zoho Corp Headquarters, we had the chance to meet the ManageEngine team.

It was a great opportunity to learn more about their work in IT management, security, and automation. Their focus on building reliable, effective solutions for businesses stood out throughout our discussions.

#Pinerium #OmnipresentIntegratedSolutions #ManageEngine #ITManagement #Cybersecurity #Automation #PineriumAtZoho #ZohoCollaboration

The flaw, discovered in builds 6510 and earlier, could enable attackers to bypass authentication safeguards and access sensitive user enrollment data, potentially leading to account takeovers.

The company resolved the issue in build 6511, released on February 26, 2025, and urges immediate patching for all affected systems.

https://cybersecuritynews.com/zoho-adselfservice-plus-vulnerability/

#ZoHo #ZohoSoftware #ManageEngine

#BSI WID-SEC-2024-2054: [NEU] [hoch] #Zoho #ManageEngine #Endpoint #Central: Schwachstelle ermöglicht Umgehung von Sicherheitsvorkehrungen und Offenlegung von Informationen

Ein entfernter, authentifizierter Angreifer kann eine Schwachstelle in Zoho ManageEngine Endpoint Central ausnutzen, um vertrauliche Informationen offenzulegen und Sicherheitsvorkehrungen zu umgehen, um so einen Ransomware-Angriff durchzuführen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-2054

#BSI WID-SEC-2024-1915: [NEU] [niedrig] #Zoho #ManageEngine #ServiceDesk #Plus: Schwachstelle ermöglicht Cross-Site Scripting

Ein Angreifer kann eine Schwachstelle in Zoho ManageEngine ServiceDesk Plus ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1915

#ManageEngine #ADAudit - Reverse engineering #Windows #RPC to find CVEs

https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part1/

https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part2/

https://www.shelltrail.com/research/manageengine-adaudit-reverse-engineering-windows-rpc-to-find-cve-2024-36036-and-cve-2024-36037-part3/

🛑 Hackers are using fake domains of popular IP scanners like Advanced IP Scanner & #ManageEngine in a #Google Ads malvertising scheme to spread the MadMxShell backdoor – 45+ domains created since November 2023.

https://thehackernews.com/2024/04/malicious-google-ads-pushing-fake-ip.html

#cybersecurity

"🚨 Lazarus Group Unleashes CollectionRAT in Sophisticated Campaigns 🚨"

Lazarus Group, a North Korean state-sponsored actor, has been utilizing infrastructure reuse to launch sophisticated cyber attacks. Their latest campaign exploits CVE-2022-47966, a vulnerability in ManageEngine ServiceDesk, to deploy multiple threats including a new malware, CollectionRAT. This RAT showcases capabilities such as executing arbitrary commands and managing files on infected systems. Intriguingly, Lazarus Group is increasingly leveraging open-source tools like the DeimosC2 framework, marking a strategic shift in their attack methodologies. CollectionRAT, along with other tools like the malicious PuTTY Link (Plink), indicates a refined approach in their cyber warfare tactics.

Details: Cisco Talos Blog

Authors: Asheer Malhotra, Vitor Ventura, Jungsoo An

Tags: #Cybersecurity #LazarusGroup #APT #CollectionRAT #DeimosC2 #CVE202247966 #ManageEngine #Plink #NorthKorea #StateSponsoredCyberAttacks 💻🌍🔐

Mitre - Lazarus Group