CISA warns of Zimbra bug exploited in attacks against NATO countries
The Cybersecurity and Infrastructure Security Agency warned federal agencies to patch a Zimbra Collaboration cross-site scripting flaw exploited by Russian hackers to steal emails in attacks targeting NATO countries.
Winter Vivern's attacks start with the hackers using the Acunetix vulnerability scanner to find vulnerable ZCS servers and sending users phishing emails that spoof senders the recipients are familiar with.
The vulnerability was added today to CISA's Known Exploited Vulnerabilities catalog, a list of security flaws known to be actively exploited in the wild.
According to a binding operational directive issued by the U.S. cybersecurity agency in November 2021, Federal Civilian Executive Branch (FCEB) agencies must patch vulnerable systems on their networks against bugs added to the KEV list.
CISA gave FCEB agencies three weeks, until April 24, to secure their networks against attacks that would target the CVE-2022-27926 flaw.
On Thursday, CISA also ordered federal agencies to patch security vulnerabilities exploited as zero-days in recent attacks to deploy commercial spyware on Android and iOS mobile devices, as Google's Threat Analysis Group recently revealed.
Related news
- CISA warns of Windows flaw used in infostealer malware attacks (source)
- Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) (source)
- Evil Corp's deep ties with Russia and NATO member attacks exposed (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-21 | CVE-2022-27926 | Unspecified vulnerability in Zimbra Collaboration 9.0.0: A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. | 6.1 |