Security News > 2021 > September > FBI and CISA warn of state hackers exploiting critical Zoho bug
The FBI, CISA, and the Coast Guard Cyber Command today warned that state-backed advanced persistent threat groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021.
The vulnerability tracked as CVE-2021-40539 was found in the Zoho ManageEngine ADSelfService Plus software, and it allows attackers to take over vulnerable systems following successful exploitation.
This joint security advisory follows a previous warning issued by CISA last week, also alerting of CVE-2021-40539 in the wild attacks that could allow threat actors to execute malicious code remotely on compromised systems.
"The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software," the joint advisory warns.
APT groups behind these attacks have targeted an extensive array of sectors from academic institutions and defense contractors to critical infrastructure entities.
Zoho has released Zoho ManageEngine ADSelfService Plus build 6114, which patches the CVE-2021-40539 vulnerability on September 6.
News URL
Related news
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
- FBI v the bots: Feds urge denial-of-service defense after critical infrastructure alert (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- CISA investigates critical infrastructure breach after Sisense hack (source)
- CISA says Sisense hack impacts critical infrastructure orgs (source)
- Russian Sandworm hackers targeted 20 critical orgs in Ukraine (source)
- NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-07 | CVE-2021-40539 | Use of Incorrectly-Resolved Name or Reference vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. | 9.8 |