FBI, CISA, CGCYBER Warn of APTs Targeting CVE-2021-40539

Published: 23/11/2024   Category: security




The critical authentication bypass vulnerability exists in Zoho ManageEngine ADSelfService Plus, officials report.



Advanced persistent threat attackers are exploiting a newly identified vulnerability in Zoho ManageEngine ADSelfService Plus, according to a joint advisory from the FBI, the United States Coast Guard Cyber Command (CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA).
CVE-2021-40539 is a critical authentication bypass vulnerability in the software, which is a self-service password management and single sign-on tool. The FBI, CISA, and CGCYBER have reports of attackers using exploits against the vulnerability to gain access to the tool as early as August 2021.
If successfully exploited, the vulnerability could allow attackers to place Web shells, which in turn could enable post-exploitation activities such as admin credential compromise, lateral movement, and exfiltration of registry hives and Active Directory files, officials report.
The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, U.S.-cleared defense contractors, academic institutions, and other entities that use the software, officials write in an alert. They say the FBI, CISA, and CGCYBER are proactively investigating and responding to the attack activity.
Zoho patched the vulnerability on Sept. 6, 2021. Officials urge organizations to update to ADSelfService Plus build 6114 and ensure ADSelfService Plus is not directly accessible from the Internet.
Read CISA's full alert for more information on tactics, techniques, and procedures as well as technical details.
