CISA warns unpatched Zimbra users to assume breach – Cybersecurity Dive
Months after warnings to patch the Zimbra Collaboration Suite, government and private sector organizations are under attack from multiple threat actors.
Multiple threat actors are launching attacks against unpatched users of Zimbra Collaboration Suite, a business productivity software and email platform, the Cybersecurity and Infrastructure Security Agency said in a warning Thursday.  
CISA, in a joint advisory with the Multi-State Information Sharing and Analysis Center (MS-ISAC) and contributions from the FBI, said threat actors are exploiting multiple CVEs to launch attacks against unpatched government and private sector users. 
The advisory updates previous guidance issued in August regarding vulnerabilities in ZCS. Officials urge administrators who failed to patch their systems, or whose systems are otherwise exposed to the internet, to assume they have been compromised and to use the third-party detection signatures in the advisory to hunt for threat activity.
One vulnerability previously disclosed by SonarSource researchers, listed as CVE-2022-29724, allows unauthenticated hackers to inject memcache commands into targeted instances of ZCS and overwrite arbitrary cached entries. A hacker can then steal ZCS email account credentials, which are handled in cleartext.
If organizations don’t have multifactor authentication, a hacker can launch spearphishing, social engineering or business email compromise attacks. Zimbra issued patches in May, and CISA updated its Known Exploited Vulnerabilities catalog in August. 
Another high-severity vulnerability, CVE-2022-27925, affects the mboximport functionality in ZCS, which extracts files from an uploaded ZIP archive. An authenticated user can upload arbitrary files, leading to directory traversal.
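The directory traversal class described above, as an added illustration that is not Zimbra's code: a hardened ZIP import routine in Python that refuses any archive entry resolving outside the destination directory. The archive contents, entry names and directory layout are constructed for the demo.

```python
from __future__ import annotations
import io
import tempfile
import zipfile
from pathlib import Path

# Constructed sample: one legitimate mailbox entry and one entry that tries to
# climb out of the import directory (the "Zip Slip" pattern).
SAFE_ENTRY = "account/Inbox/message1.eml"
TRAVERSAL_ENTRY = "../../escaped.txt"


def build_sample_zip() -> bytes:
    """Build the constructed archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SAFE_ENTRY, "Subject: test\n\nhello\n")
        zf.writestr(TRAVERSAL_ENTRY, "should never be written\n")
    return buf.getvalue()


def is_inside(dest: Path, name: str) -> bool:
    """True only if the archive entry resolves to a path under dest."""
    if name.startswith(("/", "\\")):          # absolute paths are never acceptable
        return False
    root = dest.resolve()
    target = (root / name).resolve()          # collapses any '..' components
    return target == root or root in target.parents


def safe_extract(zip_bytes: bytes, dest: Path) -> tuple[list[str], list[str]]:
    """Extract only entries that stay under dest; return (extracted, rejected)."""
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not is_inside(dest, info.filename):
                rejected.append(info.filename)  # log and alert on these in production
                continue
            zf.extract(info, dest)              # Python's zipfile also strips '..' itself
            extracted.append(info.filename)
    return extracted, rejected


def run_demo() -> dict:
    """Extract the sample archive into a temp tree and report what was written."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = Path(tmp) / "zimbra" / "import"   # '../../' from here lands in tmp
        dest.mkdir(parents=True)
        extracted, rejected = safe_extract(build_sample_zip(), dest)
        return {
            "extracted": extracted,
            "rejected": rejected,
            "inbox_written": (dest / SAFE_ENTRY).exists(),
            "escaped_written": (Path(tmp) / "escaped.txt").exists(),
        }
```

The rejected list is the signal a defender wants surfaced: an import containing traversal entries is an attack attempt, not a malformed upload.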
Steven Adair, president of Volexity, said the attacks likely involve organizations that never patched and found a breach or were compromised some time ago.
Volexity researchers in August reported more than 1,000 ZCS instances compromised through CVE-2022-27925 and CVE-2022-37042. CISA added both vulnerabilities to the KEV list.