Related Posts
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software
Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.
"An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted
The Hacker News | #1 Trusted Cybersecurity News Site
Microsoft: Some Outlook.com users can't send emails with attachments
In a Monday advisory, Microsoft warned Outlook.com users about issues they might encounter when sending emails containing attachments.
BleepingComputer
Hackers Exploiting Zimbra 0-day to Attack Government Organizations
Zimbra Collaboration is an open-source solution software suite with an email server and web client for collaboration.
Over 5,000 companies and public sector users, along with hundreds of millions of end-users in more than 140 countries, utilize this solution.
Google TAG (Threat Analysis Group) found an in-the-wild 0-day exploit in June 2023 targeting Zimbra Collaboration (CVE-2023-37580).
In total, four distinct groups exploited this bug, stealing the following data:
Email data
User credentials
Authentication tokens
Flaw Profile
CVE ID: CVE-2023-37580
Description: Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Base Score: 6.1
Severity: MEDIUM
Vulnerability Name: Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability
Hackers Exploiting Zimbra 0-day
Most of the activity took place after the initial fix went public on GitHub. TAG stresses that staying protected means keeping software up to date and applying security updates promptly.
TAG found a critical XSS flaw in Zimbra’s email server (CVE-2023-37580), which was actively exploited in June. Zimbra released a hotfix on July 5, 2023, and an advisory on July 13, 2023.
Researchers also identified three threat groups exploiting the flaw before the official patch, and a fourth campaign emerged after the fix.
The vulnerability is a reflected XSS triggered through a crafted URL, allowing malicious scripts to be injected into pages served by the Zimbra Classic Web Client.
Campaigns
The four campaigns are:
Campaign 1: First known exploitation leads to email-stealing framework
Campaign 2: Winter Vivern exploitation after hotfix pushed to GitHub
Campaign 3: Exploit used for credential phishing
Campaign 4: N-day exploit used for stealing authentication token
The discovery of four CVE-2023-37580 campaigns underscores the urgency of promptly patching mail servers: attackers exploited the vulnerability after the fix was pushed to GitHub but before the public advisory.
This follows the exploitation of CVE-2022-24682 and precedes CVE-2023-5631. The recurring exploitation of XSS flaws highlights the need for rigorous code audits of mail server software.
IoCs
https://obsorth.opwtjnpoc[.]ml/pQyMSCXWyBWJpIos.js
https://applicationdevsoc[.]com/zimbraMalwareDefender/zimbraDefender.js
https://applicationdevsoc[.]com/tndgt/auth.js
ntcpk[.]org
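As an added defender-side example (not code from the article or from Zimbra), the following Python script refangs the indicators listed above and flags requests to those hosts in constructed proxy log lines; the log format and the subdomain-matching rule are assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators exactly as published on the page (defanged with "[.]").
PAGE_IOCS = [
    "https://obsorth.opwtjnpoc[.]ml/pQyMSCXWyBWJpIos.js",
    "https://applicationdevsoc[.]com/zimbraMalwareDefender/zimbraDefender.js",
    "https://applicationdevsoc[.]com/tndgt/auth.js",
    "ntcpk[.]org",
]

# Constructed sample proxy log (Squid-like layout, assumed); not real traffic.
SAMPLE_LOG = """\
1700000000.123 10.0.0.5 TCP_MISS/200 GET https://mail.example.org/zimbra/ - user1
1700000001.456 10.0.0.5 TCP_MISS/200 GET https://applicationdevsoc.com/tndgt/auth.js - user1
1700000002.789 10.0.0.9 TCP_MISS/200 GET https://cdn.ntcpk.org/x.js - user2
1700000003.000 10.0.0.7 TCP_MISS/200 GET https://www.example.com/index.html - user3
""".splitlines()


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("[.]", "hxxp") back into its real form."""
    return re.sub(r"\[\.\]", ".", indicator).replace("hxxp", "http")


def indicator_hosts(indicators) -> set:
    """Lower-case hostnames covered by the indicators (full URLs or bare domains)."""
    hosts = set()
    for ioc in indicators:
        ioc = refang(ioc)
        host = urlsplit(ioc).hostname if "://" in ioc else ioc
        hosts.add(host.lower())
    return hosts


def scan_proxy_log(lines, indicators):
    """Return (line, host) pairs whose requested host is an IoC host or a subdomain of one."""
    hosts = indicator_hosts(indicators)
    hits = []
    for line in lines:
        for url in re.findall(r'https?://[^\s"]+', line):
            host = (urlsplit(url).hostname or "").lower()
            if any(host == h or host.endswith("." + h) for h in hosts):
                hits.append((line, host))
                break  # one hit per line is enough
    return hits


if __name__ == "__main__":
    for line, host in scan_proxy_log(SAMPLE_LOG, PAGE_IOCS):
        print(f"IoC match on {host}: {line}")
```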
The post Hackers Exploiting Zimbra 0-day to Attack Government Organizations appeared first on Cyber Security News.