
Manually patch this Zimbra bug that's under attack


A vulnerability in Zimbra's software is being exploited right now by miscreants to compromise systems and attack selected government organizations, experts reckon. An update to squash the security bug won't be pushed out until later this month, according to the developer, which for now has "kindly" asked customers to manually apply a fix.

The flaw affects Zimbra Collaboration Suite version 8.8.15, and "could potentially impact the confidentiality and integrity of your data," according to the software maker. In other words, the bug can be exploited to steal or alter information, among other things. Zimbra said it will deliver the fix in an official July software update. However, "we understand that you may want to take action sooner rather than later to protect your data," the email software provider added. "To maintain the highest level of security, we kindly request your cooperation to apply the fix manually on all of your mailbox nodes."

That may not be a bad idea since it is believed the flaw is under active exploitation; though that's limited in scope at the moment, it could widen as the days and weeks go on. Clément Lecigne, a researcher in Google's Threat Analysis Group, spotted the vulnerability "being used in-the-wild in a targeted attack."

And while the Googlers did not provide additional details about who was being targeted and how, EclecticIQ researchers on Monday said it's possible the bug is being used in cross-site scripting attacks targeting government organizations in Ukraine, Spain, Indonesia, and France.

"As part of XSS attacks, threat actors could steal sensitive user information or execute malicious code on vulnerable systems that affects Zimbra Collaboration Suite version 8.8.15," EclecticIQ analyst Arda Büyükkaya said.

Essentially what appears to be happening is this, according to Büyükkaya: someone probably hijacked "government-owned Zimbra and Roundcube email servers and used these to send spearphishing emails to other government entities." EclecticIQ has high confidence that is happening, and believes with lower confidence that the aforementioned XSS flaw was used to compromise the email servers.

We're told that EclecticIQ analysts have seen 12 phishing emails sent out in this campaign, which began as early as January 2023. After getting into the email servers, the intruders used these systems to send phishing emails containing fake Zimbra maintenance notification alerts to their victims, it appears. The emails contained a link that took marks to a fake Zimbra email login page, and allowed the miscreants to collect the users' credentials.

Considering the report finds most of the phishing emails were sent to Zimbra email users in Ukraine — including the National Police in the Kyiv region — it's not that shocking that EclecticIQ says Russian miscreants are probably responsible for the attacks. One of the emails specified a Gmail reply-to address that the security team said is "very likely owned or controlled by the threat actor." It's similar to another email address tied to an account on Russian-speaking cyber-forum Exploit[dot]in. "However, as these forums are internationally accessible, it is not definitive proof of the actor's origin or nationality," Büyükkaya said.


Source: The Register

 
