The FBI, Coast Guard Cyber Command and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly reported a cyber vulnerability in a self-service password management platform made by Zoho.
Cyber actors capitalizing on advanced persistent threats (APT) are likely to exploit a vulnerability found in Zoho's ManageEngine ADSelfService Plus, CISA said Thursday.
The vulnerability, when exploited, may risk critical U.S. infrastructure providers, universities, infrastructure companies, defense contractors and other users of the platform.
Cybercriminals have reportedly used the vulnerability to dump user credentials, decode information, steal database copies, delete users and perform other unauthorized activity.
The joint report, titled APT Actors Exploiting Newly Identified Vulnerability in ManageEngine ADSelfService Plus, features recommendations on how to mitigate the issue.
The three agencies are now conducting investigations and response efforts to address the malicious activities based on the vulnerability.