FBI and CISA warn of state hackers exploiting critical Zoho bug

Correlate

Level 16
Verified
May 4, 2019
731
The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021.

Zoho's customer list includes "three out of five Fortune 500 companies," including Apple, Intel, Nike, PayPal, HBO, and many more.

The vulnerability tracked as CVE-2021-40539 was found in the Zoho ManageEngine ADSelfService Plus software, and it allows attackers to take over vulnerable systems following successful exploitation.
 
Top