Zoho Password Manager Flaw Torched by Godzilla Webshell

A new campaign is exploiting a known security vulnerability in the Zoho ManageEngine ADSelfService Plus password manager, researchers warned over the weekend. The threat actors have so far exploited the Zoho weakness at at least nine global entities across critical sectors (technology, defense, healthcare, energy and education), deploying the Godzilla webshell and exfiltrating data.

On Sunday, Palo Alto Networks' Unit 42 researchers said that the targeted cyberespionage campaign is distinct from the ones that the FBI and CISA warned about in September.

The bug is a critical authentication bypass flaw, CVE-2021-40539, that allows unauthenticated remote code execution (RCE). Zoho patched the vulnerability in September, but it has been actively exploited in the wild since at least August, when it was still a zero-day, opening the corporate doors to attackers who can run amok once they gain free rein across users' Active Directory (AD) and cloud accounts.

Consequences of a successful exploit can be significant: The Zoho ManageEngine ADSelfService Plus is a self-service password management and single sign-on (SSO) platform for AD and cloud apps, meaning that any cyberattacker able to take control of the platform would have multiple pivot points into both mission-critical

Read More: https://threatpost.com/zoho-password-manager-flaw-godzilla-webshell/176063/