CyberWire Daily

CISA Alert AA22-228A – Threat actors exploiting multiple CVEs against Zimbra Collaboration suite. [CISA Cybersecurity Alerts]

N2K Networks, Inc.

Daily News, Tech News, News, Technology

🗓️ 17 August 2022

⏱️ 3 minutes

Summary

CISA and the Multi-State Information Sharing & Analysis Center, or MS-ISAC are publishing this joint Cybersecurity Advisory in response to active exploitation of multiple Common Vulnerabilities and Exposures against Zimbra Collaboration Suite, an enterprise cloud-hosted collaboration software and email platform.

AA22-228A Alert, Technical Details, and Mitigations
Volexity’s Mass Exploitation of (Un)authenticated Zimbra RCE: CVE-2022-27925
Hackers are actively exploiting password-stealing flaw in Zimbra
CISA adds Zimbra email vulnerability to its exploited vulnerabilities catal…
CVE-2022-27925 detail
Mass exploitation of (un)authenticated Zimbra RCE: CVE-2022-27925
CVE-2022-37042 detail
Authentication bypass in MailboxImportServlet vulnerability
CVE-2022-30333 detail
UnRAR vulnerability exploited in the wild, likely against Zimbra servers
Zimbra Collaboration Kepler 9.0.0 patch 25 GA release
Zimbra UnRAR path traversal
Operation EmailThief: Active exploitation of zero-day XSS vulnerability in…
Hotfix available 5 Feb for zero-day exploit vulnerability in Zimbra 8.8.15

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at [email protected] or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or [email protected].

Transcript

0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:07.0

This is a CISA Cybersecurity Alert.

0:14.0

ID number Alpha Alpha 22 tack 228 Alpha.

0:20.0

Original release date, August 16, 2022.

0:23.4

CISA and the Multi-State Information Sharing and Analysis Center,

0:31.7

or MS-ISAC, are publishing this joint cybersecurity advisory in response

0:35.7

to active exploitation of multiple common vulnerabilities and exposures against Zimbra Collaboration

0:40.4

Suite, an enterprise cloud-hosted collaboration software and email platform.

0:45.6

Five CVEs are currently being exploited against Zimbra Collaboration Suite.

0:50.1

These five vulnerabilities are listed in the alert documentation and include high severity

0:53.9

vulnerabilities that allow for arbitrary code execution, malicious code injection, directory

0:59.0

traversal, cross-site scripting, data exfiltration.

1:03.5

Cyber threat actors may be targeting unpatched Zimbra Collaboration Suite instances in both

1:07.6

government and private sector networks.

1:09.8

CISA and the MS-ISAC strongly urge users and administrators to apply the guidance in the

1:14.2

recommendation section of the alert documentation to help secure their

1:17.6

organization's systems against malicious cyber activity.

1:21.1

CISA and the MS-ISAC encourage organizations who did not immediately update their

1:24.8

Zimbra instances upon patch release or whose Zimbra instances were exposed to the

1:28.6

Internet to assume compromise and hunt for malicious activity using the

1:32.1

third-party detection

1:33.2

signatures in the detection method section of the alert

...
