State-sponsored APTs may be exploiting a critical Zoho bug, according to CISA and the FBI
State-backed advanced persistent threat (APT) actors are likely among those who have been actively exploiting a recently found bug in a Zoho single sign-on and password management tool since early last month, according to the FBI, CISA, and the US Coast Guard Cyber Command (CGCYBER). Because the Zoho ManageEngine ADSelfService Plus is a self-service password management and single sign-on (SSO) platform for Active Directory and cloud apps, any cyberattacker who gains control of the platform will have multiple pivot points into both mission-critical apps (and their sensitive data) and other parts of the corporate network via Active Directory. It is, in other words, a powerful, highly privileged application that may serve as an easy point-of-entry for both users and attackers into areas deep within an enterprise's footprint. Read More.