Security News > 2023 > April > CISA warns of Zimbra bug exploited in attacks against NATO countries

The Cybersecurity and Infrastructure Security Agency warned federal agencies to patch a Zimbra Collaboration cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries.
Winter Vivern's attacks start with the hackers using the Acunetix vulnerability scanner to find vulnerable ZCS servers and sending users phishing emails that spoof senders the recipients are familiar with.
The vulnerability was added today to CISA's Known Exploited Vulnerabilities catalog, a list of security flaws known to be actively exploited in the wild.
According to a binding operational directive issued by the U.S. cybersecurity agency in November 2021, Federal Civilian Executive Branch (FCEB) agencies must patch vulnerable systems on their networks against bugs added to the KEV list.
CISA gave FCEB agencies three weeks, until April 24, to secure their networks against attacks that would target the CVE-2022-27926 flaw.
On Thursday, CISA also ordered federal agencies to patch security vulnerabilities exploited as zero-days in recent attacks to deploy commercial spyware on Android and iOS mobile devices, as Google's Threat Analysis Group recently revealed.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-21 | CVE-2022-27926 | Unspecified vulnerability in Zimbra Collaboration 9.0.0: A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. | 6.1 |