CISA Warns of Hackers Exploiting Multiple Vulnerabilities in the Zimbra Collaboration Suite

The Cybersecurity and Infrastructure Security Agency (CISA) has published a new advisory warning of threat actors actively exploiting five different vulnerabilities in the Zimbra Collaboration Suite (ZCS).
The document was compiled in collaboration with the Multi-State Information Sharing & Analysis Center (MS-ISAC) and explains how threat actors may be targeting unpatched ZCS instances in both government and private sector networks.
The first of the discovered vulnerabilities (tracked as CVE-2022-27924) is a high-severity vulnerability enabling an unauthenticated threat actor to inject arbitrary memcache commands into a ZCS instance and cause an overwrite of arbitrary cached entries.
“The actor can then steal ZCS email account credentials in cleartext form without any user interaction,” the advisory read.
The second and third vulnerabilities mentioned in the document are chained (CVE-2022-27925 and CVE-2022-37042, respectively), with the former enabling an authenticated user to upload arbitrary files to the system, and the latter being an authentication bypass vulnerability.
The remaining Zimbra vulnerabilities mentioned in the CISA report are CVE-2022-30333, a high-severity directory traversal vulnerability in RARLAB UnRAR on Linux and UNIX, and CVE-2022-24682, a medium-severity vulnerability that impacts ZCS webmail clients.
All these vulnerabilities were disclosed to Zimbra and were patched by the company between May and late July. Despite this, CISA recommended that administrators, especially those at firms that did not immediately update their ZCS instances upon patch release, hunt for malicious activity using third-party detection signatures mentioned in the advisory.
Further, the document recommended that organizations apply a number of best practices to reduce the risk of compromise, including maintaining and testing an incident response plan, ensuring they have a vulnerability management program, properly configuring and securing internet-facing network devices, and adopting zero-trust principles and architecture.
CISA and the MS-ISAC said they will update the advisory to include additional indicators of compromise (IOCs) and signatures as further information becomes available.
The advisory detailing the Zimbra vulnerabilities comes weeks after CISA announced it will open a new office in London, UK.