The Cyber Security News
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

November 16, 2023

A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to steal email data, user credentials, and authentication tokens.

“Most of this activity occurred after the initial fix became public on GitHub,” Google Threat Analysis Group (TAG) said in a report shared with The Hacker News.

The flaw, tracked as CVE-2023-37580 (CVSS score: 6.1), is a reflected cross-site scripting (XSS) vulnerability affecting versions before 8.8.15 Patch 41. It was addressed by Zimbra as part of patches released on July 25, 2023.


Successful exploitation of the flaw could permit execution of malicious scripts in the victim’s web browser merely by tricking them into clicking on a specially crafted URL, which sends the XSS request to Zimbra and reflects the attack back to the user.
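The crafted-URL mechanism described above, seen from the defender’s side: an added example (not from the article, Google TAG or Zimbra) that scans web-server access log lines in combined format for script markers in URL query strings, decoding repeatedly so double-encoded payloads are not missed. The log format, request paths and IP addresses are assumed and constructed for the example.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample lines in Apache/nginx combined-log format; paths and
# addresses are placeholders, not Zimbra's real endpoints or real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Jun/2023:08:12:01 +0000] "GET /webmail/?app=mail HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [29/Jun/2023:08:12:44 +0000] "GET /webmail/view?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.9 - - [29/Jun/2023:08:13:02 +0000] "GET /webmail/view?q=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.7 - - [29/Jun/2023:08:14:10 +0000] "GET /service/soap/SearchRequest HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Combined log format: client, ident, user, [timestamp], "METHOD target proto", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markers typical of reflected-XSS payloads carried in a query string.
XSS_MARKERS = re.compile(
    r"<\s*script\b|javascript\s*:|\bon[a-z]+\s*=|<\s*(img|svg|iframe)\b",
    re.IGNORECASE,
)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """URL-decode until the value stops changing, so double encoding is unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_attempts(log_text: str) -> list[dict]:
    """Return one record per request whose decoded query (or fragment) contains a marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash the sweep
        parts = urlsplit(m.group("target"))
        query = fully_decode(parts.query)
        fragment = fully_decode(parts.fragment)  # rarely logged, but cheap to check
        marker = XSS_MARKERS.search(query) or XSS_MARKERS.search(fragment)
        if marker:
            hits.append({"ip": m.group("ip"), "ts": m.group("ts"), "path": parts.path,
                         "status": int(m.group("status")), "match": marker.group(0)})
    return hits
```

A hit records an attempt, not confirmed execution; pair it with the response status and the user who clicked, and treat a 200 from a still-unpatched server as the case worth investigating.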


Google TAG, whose researcher Clément Lecigne was credited with discovering and reporting the bug, said it observed several campaign waves starting June 29, 2023, at least two weeks before Zimbra issued an advisory.

Three of the four campaigns were observed prior to the release of the patch, with the fourth campaign detected a month after the fixes were published.

The first campaign is said to have targeted a government organization in Greece, sending emails containing exploit URLs to their targets that, when clicked, delivered email-stealing malware previously observed in a cyber espionage operation dubbed EmailThief in February 2022.

The intrusion set, which Volexity codenamed TEMP_HERETIC, also exploited a then-zero-day flaw in Zimbra to carry out the attacks.


The second threat actor to exploit CVE-2023-37580 is Winter Vivern, which targeted government organizations in Moldova and Tunisia shortly after a patch for the vulnerability was pushed to GitHub on July 5.

It’s worth noting that the adversarial collective has been linked to the exploitation of security vulnerabilities in Zimbra Collaboration and Roundcube by Proofpoint and ESET this year.

TAG said it spotted a third, unknown group weaponizing the bug before the patch was pushed on July 25 to phish for credentials belonging to a government organization in Vietnam.


“In this case, the exploit URL pointed to a script that displayed a phishing page for users’ webmail credentials and posted stolen credentials to a URL hosted on an official government domain that the attackers likely compromised,” TAG noted.

Lastly, a government organization in Pakistan was targeted using the flaw on August 25, resulting in the exfiltration of the Zimbra authentication token to a remote domain named “ntcpk[.]org.”

Google further pointed out a pattern in which threat actors are regularly exploiting XSS vulnerabilities in mail servers, making it necessary that such applications are audited thoroughly.

“The discovery of at least four campaigns exploiting CVE-2023-37580, three campaigns after the bug first became public, demonstrates the importance of organizations applying fixes to their mail servers as soon as possible,” TAG said.

“These campaigns also highlight how attackers monitor open-source repositories to opportunistically exploit vulnerabilities where the fix is in the repository, but not yet released to users.”

Some sections of this report are sourced from:
thehackernews.com
