Friday, March 29, 2024

Hackers Exploiting High-Severity Zimbra Flaw to Steal Email Account Credentials

Zimbra CVE-2022-27824 has been added to the CISA’s “Known Exploited Vulnerabilities” catalog as a new vulnerability. Hackers are actively exploiting it in attack activities, which indicates it is active in the hacking community.

Unauthenticated threat actors are able to steal email account credentials in clear-text by exploiting this high-severity vulnerability. Using Zimbra Collaboration, a threat actor steals credentials without asking the user for their permission.

https://www.youtube.com/watch?v=GIgHZrPrGug

Impact

During legitimate authentication attempts, a hacker can make use of CRLF injection to poison Memcache and deceive the software into relaying all IMAP traffic to the threat actor instead of forwarding it to the legitimate authentication attempt.

It was discovered by SonarSource researchers on March 11, 2022, that the flaw had been exploited. An update that addressed these issues was released by the software vendor on May 10, 2022. In the following list, we have mentioned the fixed versions as follows:-

  • ZCS 9.0.0 Patch 24.1
  • ZCS 8.8.15 Patch 31.1

Based on CISA’s latest catalog addition, it has become evident that not all administrators have updated their security software with the latest updates. It has been nearly three months since all these updates became available to the public.

Exploit Capabilities

It is now possible for hackers to identify and attack vulnerable instances; all credit goes to the opportunity provided by this. As a result of stealing the credentials from a Zimbra account, they are able to do the following things:-

  • Access the email server
  • Making spear-phishing easier by removing the barriers to entry
  • Social engineering
  • BEC (Business Email Compromise) attacks

Zimbra Collaboration is used by a variety of organizations, including the following:- 

  • The number of businesses in the network exceeds 200,000.
  • The number of state entities exceeds 1,000.
  • In 140 countries, they support critical organizations.

In spite of all the recommendations made by CISA, all Federal agencies in the U.S. need to apply the security updates available to them as soon as possible until August 25, 2022, since it’s the final deadline.

Moreover, apart from the Federal agencies, CISA has also recommended all non-federal agencies and organizations to immediately apply the security updates to avoid any exploitation.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles