CISA warns of Zimbra bug exploited in attacks against NATO countries
The Cybersecurity and Infrastructure Security Agency warned federal agencies to patch a Zimbra Collaboration cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries.
Winter Vivern's attacks start with the hackers using the Acunetix vulnerability scanner to find vulnerable ZCS servers and sending users phishing emails that spoof senders the recipients are familiar with.
The vulnerability was added today to CISA's Known Exploited Vulnerabilities catalog, a list of security flaws known to be actively exploited in the wild.
According to a binding operational directive issued by the U.S. cybersecurity agency in November 2021, Federal Civilian Executive Branch (FCEB) agencies must patch vulnerable systems on their networks against bugs added to the KEV list.
CISA gave FCEB agencies three weeks, until April 24, to secure their networks against attacks that would target the CVE-2022-27926 flaw.
On Thursday, CISA also ordered federal agencies to patch security vulnerabilities exploited as zero-days in recent attacks to deploy commercial spyware on Android and iOS mobile devices, as Google's Threat Analysis Group recently revealed.
Related news
- CISA warns of critical Palo Alto Networks bug exploited in attacks (source)
- CISA warns of more Palo Alto Networks bugs exploited in attacks (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- CISA tags Progress Kemp LoadMaster flaw as exploited in attacks (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
- CISA confirms critical Cleo bug exploitation in ransomware attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-21 | CVE-2022-27926 | Unspecified vulnerability in Zimbra Collaboration 9.0.0: A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. | 6.1 |