CyberWire Daily - CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite. [CISA Cybersecurity Alerts]
Episode Date: August 17, 2022
CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC are publishing this joint Cybersecurity Advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform.
AA22-228A Alert, Technical Details, and Mitigations
Volexity’s Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925
Hackers are actively exploiting password-stealing flaw in Zimbra
CISA adds Zimbra email vulnerability to its exploited vulnerabilities catal…
CVE-2022-27925 detail
Mass exploitation of (un)authenticated Zimbra RCE: CVE-2022-27925
CVE-2022-37042 detail
Authentication bypass in MailboxImportServlet vulnerability
CVE-2022-30333 detail
UnRAR vulnerability exploited in the wild, likely against Zimbra servers
Zimbra Collaboration Kepler 9.0.0 patch 25 GA release
Zimbra UnRAR path traversal
Operation EmailThief: Active exploitation of zero-day XSS vulnerability in…
Hotfix available 5 Feb for zero-day exploit vulnerability in Zimbra 8.8.15
All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
Transcript
You're listening to the CyberWire Network, powered 16th, 2022.
CISA and the Multi-State Information Sharing and Analysis Center, or MS-ISAC, are publishing this joint cybersecurity advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform.
Five CVEs are currently being exploited against Zimbra Collaboration Suite.
These five vulnerabilities are listed in the alert documentation and include high-severity vulnerabilities that allow for arbitrary code execution, malicious code injection, directory traversal, cross-site scripting, and data exfiltration.
Cyber threat actors may be targeting unpatched Zimbra Collaboration Suite instances in both government and private sector networks.
CISA and the MS-ISAC strongly urge users and administrators to apply the guidance in the recommendations section of the alert documentation to help secure their organization's systems against malicious cyber activity.
CISA and the MS-ISAC encourage organizations who did not immediately update their Zimbra instances upon patch release or whose Zimbra instances were exposed to the Internet to assume compromise and hunt for malicious activity using the third-party detection signatures in the Detection Methods section of the alert documentation.
Organizations that detect potential compromise should apply the steps in the Incident Response section of this alert.
All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or 888-282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at 855-292-3937 or CyWatch@fbi.gov.
This report was written by CISA, the United States Cybersecurity and Infrastructure Security Agency, and edited and adapted for audio by the CyberWire as a public service.
Please visit www.cisa.gov to read the full report, which may include additional details, links, and illustrations.
A link to this report can be found in the show notes.
This has been a CISA Cybersecurity Alert.