A new zero-day vulnerability found in Zoho Corp.’s unified endpoint management tool, ManageEngine Desktop Central, is being actively exploited by nation-state actors. The FBI says attacks stemming from this vulnerability have been taking place since at least October. The authentication bypass vulnerability has a critical score of 9.8 out of 10, the FBI says. It gives advanced persistent threat actors the ability to compromise servers, drop a web shell that overrides a legitimate function of the software, and dump credentials.”]
Source: https://www.govinfosecurity.com/nation-states-exploiting-critical-flaw-in-zoho-uem-a-18178