Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
eSentire has observed the active exploitation of the recently disclosed zero-day vulnerability in Zoho ManageEngine Desktop Central. The vulnerability was publicly noted on March 5th, 2020, along with proof-of-concept code for exploitation of the vulnerability . If exploited, the vulnerability can result in remote code execution on vulnerable systems which can lead to a variety of malicious outcomes, including data exfiltration and the downloading of additional malicious content.
As active exploitation of this vulnerability is already occurring in the wild, it is highly recommended that organizations deploy the official Zoho security patches to avoid compromise. Zoho has released guidance to assess if exploitation of vulnerable devices has already occurred .
What we’re doing about it
What you should do about it
The vulnerability resides in Zoho's ManageEngine Desktop Central before 10.0.474 and has been labeled CVE-2020-10189. Remote code execution can be achieved, under the context of SYSTEM, due to the deserialization of untrusted data in getChartImage in the FileStorage class .