Zoho ManageEngine ServiceDesk Plus remote code execution vulnerability

Australian Cyber Security Centre

Background / What has happened?

Malicious actors have attempted to use Zoho ManageEngine vulnerabilities (CVE-2021-44077) to target Australian organisations.

On the 2nd of December 2021, CISA and the FBI released a joint Cybersecurity Advisory identifying active exploitation of the vulnerability.

A patch for this vulnerability already exists, because of an earlier Zoho ManageEngine authentication bypass vulnerability that was made known and patchable on the 16th of September 2021.
