FYSA
On December 2, the Cybersecurity and Infrastructure Security Agency (CISA) and
the Federal Bureau of Investigation (FBI) released a Joint Cybersecurity
Advisory to help critical infrastructure owners and operators better understand
the cyber threat associated with active exploitation of a newly identified
vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus, IT help
desk software with asset management.
The FBI and CISA assess that advanced persistent threat (APT) cyber actors are
among those exploiting the vulnerability. If left unpatched, successful
exploitation of the vulnerability allows an attacker to upload executable files
and place webshells, which enable the adversary to conduct post-exploitation
activities, such as compromising administrator credentials, conducting lateral
movement, and exfiltrating registry hives and Active Directory files. Zoho's
update that patched this vulnerability was released on September 16, 2021. Zoho
released a subsequent security advisory on November 22, 2021, and advised
customers to patch immediately.
Leaders at every level of an organization should read this Cybersecurity
Advisory, assess their unique cybersecurity environment, and implement
recommended mitigations for any observed security gaps or weaknesses. And as
always, thank you for your continued collaboration.
The Joint Cybersecurity Advisory can be found here: https://go.usa.gov/xeVYA
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse@xxxxxxxxxxxx