FBI warns hackers could be exploiting critical Zoho bug



In a new joint security advisory, the FBI, CISA and the Coast Guard Cyber Command (CGCYBER) are warning enterprise organizations that state-sponsored advanced persistent threat (APT) groups are actively exploiting a critical flaw in software from Zoho.

The vulnerability itself, tracked as CVE-2021-40539, was discovered in Zoho’s ManageEngine ADSelfService Plus software that provides both single sign-on and  password management capabilities. If this flaw is exploited successfully, it can allow an attacker to take over vulnerable systems on a company’s network.



Source link