[BreachExchange] FBI, CISA, CGCYBER Warn of APTs Targeting CVE-2021-40539
Sophia Kingsbury
sophia.kingsbury at riskbasedsecurity.com
Fri Sep 17 09:03:57 EDT 2021
https://www.darkreading.com/threat-intelligence/fbi-cisa-cgcyber-warn-of-apts-targeting-cve-2021-40539
Advanced persistent threat attackers are exploiting a newly identified
vulnerability in Zoho ManageEngine ADSelfService Plus, according to a joint
advisory from the FBI, the United States Coast Guard Cyber Command
(CGCYBER), and the Cybersecurity and Infrastructure Security Agency (CISA).

CVE-2021-40539 is a critical authentication bypass vulnerability in the
software, which is a self-service password management and single sign-on
tool. The FBI, CISA, and CGCYBER have reports of attackers using exploits
against the vulnerability to gain access to the tool as early as August
2021.

If successfully exploited, the vulnerability could allow attackers to place
Web shells that could enable attackers to conduct post-exploitation
activities such as admin credential compromise, lateral movement, and
exfiltration of registry hives and Active Directory files, officials report.

"The exploitation of ManageEngine ADSelfService Plus poses a serious risk
to critical infrastructure companies, U.S.-cleared defense contractors,
academic institutions, and other entities that use the software," officials
write in an alert. They say the FBI, CISA, and CGCYBER are "proactively
investigating and responding to" the attack activity.

Zoho patched the vulnerability on Sept. 6, 2021. Officials urge
organizations to update to ADSelfService Plus build 6114 and ensure
ADSelfService Plus is not directly accessible from the Internet.

Read CISA's full alert for more information on tactics, techniques, and
procedures as well as technical details.