
CISA warns of Zimbra bug exploited in attacks against NATO countries
2023-04-03 20:36

The Cybersecurity and Infrastructure Security Agency warned federal agencies to patch a Zimbra Collaboration cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries.

Winter Vivern's attacks start with the hackers using the Acunetix vulnerability scanner to find vulnerable ZCS servers and sending users phishing emails that spoof senders the recipients are familiar with.

The vulnerability was added today to CISA's Known Exploited Vulnerabilities catalog, a list of security flaws known to be actively exploited in the wild.

According to a binding operational directive issued by the U.S. cybersecurity agency in November 2021, Federal Civilian Executive Branch (FCEB) agencies must patch vulnerable systems on their networks against bugs added to the KEV list.

CISA gave FCEB agencies three weeks, until April 24, to secure their networks against attacks that would target the CVE-2022-27926 flaw.

On Thursday, CISA also ordered federal agencies to patch security vulnerabilities exploited as zero-days in recent attacks to deploy commercial spyware on Android and iOS mobile devices, as Google's Threat Analysis Group recently revealed.


News URL

https://www.bleepingcomputer.com/news/security/cisa-warns-of-zimbra-bug-exploited-in-attacks-against-nato-countries/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
| --- | --- | --- | --- |
| 2022-04-21 | CVE-2022-27926 | Unspecified vulnerability in Zimbra Collaboration 9.0.0. A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. | network, low complexity, zimbra, 6.1 |

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Zimbra | | 7 | 0 | 39 | 16 | 8 | 63 |