Security News > 2021 > September > FBI and CISA warn of state hackers exploiting critical Zoho bug

The FBI, CISA, and the Coast Guard Cyber Command today warned that state-backed advanced persistent threat groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021.
The vulnerability tracked as CVE-2021-40539 was found in the Zoho ManageEngine ADSelfService Plus software, and it allows attackers to take over vulnerable systems following successful exploitation.
This joint security advisory follows a previous warning issued by CISA last week, also alerting of CVE-2021-40539 in the wild attacks that could allow threat actors to execute malicious code remotely on compromised systems.
"The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software," the joint advisory warns.
APT groups behind these attacks have targeted an extensive array of sectors from academic institutions and defense contractors to critical infrastructure entities.
Zoho has released Zoho ManageEngine ADSelfService Plus build 6114, which patches the CVE-2021-40539 vulnerability on September 6.
News URL
Related news
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- CISA: Medusa ransomware hit over 300 critical infrastructure orgs (source)
- Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware (source)
- Critical flaw in Next.js lets hackers bypass authorization (source)
- CISA and FBI Warn Fast Flux is Powering Resilient Malware, C2, and Phishing Networks (source)
- Critical FortiSwitch flaw lets hackers change admin passwords remotely (source)
- CISA extends funding to ensure 'no lapse in critical CVE services' (source)
- FBI seeks help to unmask Salt Typhoon hackers behind telecom breaches (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-07 | CVE-2021-40539 | Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | 9.8 |