Quote:The FBI, CISA and the U.S. Coast Guard Cyber Command (CGCYBER) warned today that state-backed advanced persistent threat (APT) actors are likely among those who’ve been actively exploiting a newly identified bug in a Zoho single sign-on and password management tool since early last month.
At issue is a critical authentication bypass vulnerability in Zoho ManageEngine ADSelfService Plus platform that can lead to remote code execution (RCE) and thus open the corporate doors to attackers who can run amok, with free rein across users’ Active Directory (AD) and cloud accounts.
The Zoho ManageEngine ADSelfService Plus is a self-service password management and single sign-on (SSO) platform for AD and cloud apps, meaning that any cyberattacker able to take control of the platform would have multiple pivot points into both mission-critical apps (and their sensitive data) and other parts of the corporate network via AD. It is, in other words, a powerful, highly privileged application which can act as a convenient point-of-entry to areas deep inside an enterprise’s footprint, for both users and attackers alike.
Last Tuesday, Zoho issued a patch – Zoho ManageEngine ADSelfService Plus build 6114 – for the flaw, which is tracked as CVE-2021-40539 with a 9.8 severity rating. As the Cybersecurity and Infrastructure Security Agency (CISA) warned at the time, it was being actively exploited in the wild as a zero-day.
According to today’s joint advisory from the three government cybersecurity arms – FBI, CISA and CGCYBER – the exploits pose “a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software.”
Read more: CISA, FBI: State-Backed APTs Are Exploiting Critical Zoho Bug | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
