unpatched-zimbra-platforms-are-probably-compromised,-cisa-says

Share news article

Share on facebook
Share on twitter
Share on linkedin
Share on email

Unpatched Zimbra Platforms Are Probably Compromised, CISA Says

Security teams running unpatched, Internet-connected Zimbra Collaboration Suites (ZCS) should just go ahead and assume compromise, and take immediate detection and response action.

That’s according to a new alert issued by the Cybersecurity and Infrastructure Security Agency, which flagged active Zimbra exploits for CVE-2022-24682, CVE-2022-27924, CVE-2022-27925, which are being chained with CVE-2022-37042, and CVE-2022-30333. The attacks lead to remote code execution and access to the Zimbra platform.

The result could be quite risky when it comes to shielding sensitive information and preventing email-based follow-on threats: ZCS is a suite of business communications services that includes an email server and a Web client for accessing messages via the cloud.

CISA, along with the Multi-State Information Sharing and Analysis Center (MS-ISAC), provided detection details and indicators of compromise (IoCs) to help security teams.

“Cyber-threat actors may be targeting unpatched ZCS instances in both government and private sector networks,” according to a Zimbra advisory.

CISA and the MS-ISAC strongly urged users and administrators to apply the guidance in the Recommendations section of this Cybersecurity Advisory to help secure their organization’s systems against malicious cyberactivity.

          Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

          Subscribe

          Related News

          Hackers using USB drives to spread malware in ongoing attack

          Hackers using USB drives to spread malware in ongoing attack

          According to a recent post by the cybersecurity firm Mandiant, USB drives are being used to hack targets in Southeast…
          AI-Powered Smart Glasses Give Deaf People the Power of Speech

          AI-Powered Smart Glasses Give Deaf People the Power of Speech

          In a recent example of innovative technology making a positive difference, there is now new artificial intelligence (AI) powered smart…
          16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar

          16,000+ Scam Domains Aimed at FIFA World Cup Fans in Qatar

          Seeing as scammers readily jump to capitalize on events with huge global interest, it comes as no surprise that Group-IB…