According to threat intelligence firm Volexity, an authentication bypass vulnerability in Zimbra is being actively exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide. Zimbra, an email and collaboration platform, is used by over 200,000 enterprises in over 140 countries, including over 1,000 government and financial organizations.

The vulnerability, tracked as CVE-2022-27925 with a severity of 7.2, is a ZCS remote code execution flaw that requires authentication. It is exploited with the help of another auth bypass bug, CVE-2022-37042, and successful exploitation enables attackers to deploy web shells at specific locations on the compromised servers to gain persistent access.

Based on Internet scans performed by Volexity to identify compromised Zimbra instances, over 1,000 ZCS instances around the world were found to be compromised and backdoored. They belong to several global organizations, including government departments and ministries, military branches, and worldwide businesses with billions of dollars of revenue.

Furthermore, Volexity says that it reported its findings to Zimbra, and they said that, in case of compromised Zimbra instances, the victims can contact the local Computer Emergency Response Teams (CERTs). In addition, Zimbra has patched the actively exploited RCE and authorization bypass bugs in versions 8.8.15 patch 33 and 9.0.0 patch 26; admins should patch their servers immediately to block the attacks.
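For admins tracking several ZCS servers, the patch levels named above can be checked against an inventory of version banners. This is an added example, not code from the article, Volexity or Zimbra; it assumes banners in the form printed by `zmcontrol -v`, and the hostnames and banner strings are constructed sample data.

```python
import re

# Minimum patch level per release branch, as stated in the article above.
FIXED_PATCH = {"8.8.15": 33, "9.0.0": 26}

# Assumed banner shape: "Release 9.0.0_GA_... <platform> <edition>, Patch 9.0.0_P26."
RELEASE_RE = re.compile(r"Release\s+(\d+\.\d+\.\d+)")
PATCH_RE = re.compile(r"Patch\s+(\d+\.\d+\.\d+)_P(\d+)")


def classify(banner):
    """Return 'patched', 'needs_patch' or 'unknown' for one version banner."""
    release = RELEASE_RE.search(banner)
    if not release:
        return "unknown"
    branch = release.group(1)
    if branch not in FIXED_PATCH:
        # The article names fixed levels only for the 8.8.15 and 9.0.0 branches.
        return "unknown"
    patch = PATCH_RE.search(banner)
    if patch and patch.group(1) != branch:
        return "unknown"  # inconsistent banner, review by hand
    # A banner with no "Patch" suffix is the base release with no patches applied.
    level = int(patch.group(2)) if patch else 0
    return "patched" if level >= FIXED_PATCH[branch] else "needs_patch"


def triage(inventory):
    """Return sorted (host, status) pairs for every host not confirmed patched."""
    results = ((host, classify(banner)) for host, banner in inventory.items())
    return sorted(pair for pair in results if pair[1] != "patched")


# Constructed inventory: hostnames and build strings are illustrative only.
SAMPLE_INVENTORY = {
    "mail1.example.org": "Release 8.8.15_GA_4179.UBUNTU20_64 UBUNTU20_64 FOSS edition, Patch 8.8.15_P32.",
    "mail2.example.org": "Release 9.0.0_GA_4178.RHEL8_64 RHEL8_64 NETWORK edition, Patch 9.0.0_P26.",
    "mail3.example.org": "Release 8.8.15_GA_3869.RHEL7_64 RHEL7_64 FOSS edition.",
    "mail4.example.org": "Release 8.7.11_GA_1854.RHEL7_64 RHEL7_64 FOSS edition.",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY):
        print(f"{host}: {status}")
```

A `patched` result only confirms the version level; a server that was exposed before patching can still carry a web shell and needs separate review.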