This article has been indexed from CSO Online
Cyberespionage groups are exploiting a critical vulnerability patched earlier this month in ManageEngine ADSelfService Plus, a self-service password management and single sign-on (SSO) solution for Active Directory environments. The FBI, CISA and the United States Coast Guard Cyber Command (CGCYBER) urge organizations who use the product to deploy the available patch as soon as possible and check their systems for signs of compromise.
“The FBI, CISA, and CGCYBER assess that advanced persistent threat (APT) cyber actors are likely among those exploiting the vulnerability,” the three agencies said in a joint advisory. “The exploitation of ManageEngine ADSelfService Plus poses a serious risk to critical infrastructure companies, US-cleared defense contractors, academic institutions, and other entities that use the software.”
Read the original article: APT actors exploit flaw in ManageEngine single sign-on solution