Multiple investigative agencies issued a joint security alert to warn Zoho users about a hacking group that has been exploiting a critical vulnerability in its single sign on and password management service in order to access sensitive information.
The alert was issued by the Federal Bureau of Investigation (FBI), the Coast Guard Cyber Command (CGCYBER) and the Cybersecurity and Infrastructure Security Agency (CISA), which warn of a real risk to companies using the affected tools, including Apple, Nike, PayPal and HBO, among many others.
Tracked as CVE-2021-40539, the flaw resides in Zoho ManageEngine ADSelfService Plus and its successful exploitation would allow threat actors to take control of vulnerable systems. This alert comes after an individual CISA report warning about the detection of active exploitation attempts.
To the time of writing of this article, it is still unknown how many exploitation attempt cases have been detected and how successful these attempts were. The joint report notes that a successful attack would allow the delivery of webshells for the deployment of subsequent attacks such as administrator credential compromise, lateral movement attacks, and file exfiltration in Active Directory.
On the other hand, members of the cybersecurity community believe that these attacks could target organizations in all kinds of sectors, including educational institutions, manufacturing, transportation, logistics, finance and other productive areas.
After receiving the report, Zoho began working on a method to address these issues, so ManageEngine ADSelfService Plus build 6114, the secure version of the affected tool, is now available. Security agencies recommend that users of this solution immediately apply the ADSelfService Plus build 6114 update and ensure that ADSelfService Plus is not accessible directly from the Internet, which should fully mitigate any risk of exploitation.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.