Zimbra auth bypass bug exploited to breach over 1,000 servers

An authentication bypass Zimbra security vulnerability is actively exploited to compromise Zimbra Collaboration Suite (ZCS) email servers worldwide.

Zimbra is an email and collaboration platform used by more than 200,000 businesses from over 140 countries, including over 1,000 government and financial organizations.

Exploited in the wild

According to threat intelligence firm Volexity, attackers have been abusing a ZCS remote code execution flaw tracked as CVE-2022-27925, which normally requires authentication, by chaining it with an auth bypass bug (tracked as CVE-2022-37042 and patched yesterday), since as early as the end of June.

“Volexity believes this vulnerability was exploited in a manner consistent with what it saw with Microsoft Exchange 0-day vulnerabilities it discovered in early 2021,” the company’s Threat Research team said.

“Initially it was exploited by espionage-oriented threat actors, but was later picked up by other threat actors and used in mass-exploitation attempts.”

Successful exploitation allows the attackers to deploy web shells on specific locations on the compromised servers to gain persistent access.

CVE-2022-27925 facilitated writing #webshells to disk and was patched months ago. However, it was deemed lower priority because it required admin creds to exploit. Enter CVE-2022-37042 … which bypassed authentication making this a CRITICAL and trivial to exploit vulnerability.

— Steven Adair (@stevenadair) August 11, 2022

While Zimbra did not disclose in its advisory that these vulnerabilities are under active exploitation, an employee warned customers on the company’s forum to immediately apply patches as they are indeed abused in attacks.

“If you are running a Zimbra version that is older than Zimbra 8.8.15 patch 33 or Zimbra 9.0.0 patch 26 you should update to the latest patch as soon as possible,” the alert published on Wednesday reads.

A Zimbra spokesperson was not available for comment when BleepingComputer reached out earlier today.

CISA also confirmed that both security flaws are exploited in the wild by adding them to its catalog of exploited bugs on Thursday.

Over 1,000 servers already compromised

After discovering evidence during multiple incident responses that Zimbra email servers were being breached using the CVE-2022-27925 RCE with the help of the CVE-2022-37042 auth bypass bug, Volexity scanned for instances of hacked servers exposed to Internet access.

To do this, the company’s security experts used their knowledge of where the threat actors were installing web shells on the servers.

“Through these scans, Volexity identified over 1,000 ZCS instances around the world that were backdoored and compromised,” Volexity added.

“These ZCS instances belong to a variety of global organizations, including government departments and ministries, military branches, and worldwide businesses with billions of dollars of revenue.

“Bearing in mind that this scan only used shell paths known to Volexity, it is likely that the true number of compromised servers is higher.”

Volexity says that all its findings were reported to Zimbra and that it also notified local Computer Emergency Response Teams (CERTs) so that the owners of compromised Zimbra instances could be contacted.

Compromised Zimbra email servers (Volexity)

Since the latest Zimbra versions (8.8.15 patch 33 and 9.0.0 patch 26) are patched against the actively exploited RCE and auth bypass bugs, admins should patch their servers immediately to block attacks.
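As a triage aid for the patch levels quoted above, here is an added example (not from the article, Volexity or Zimbra) that parses `zmcontrol -v` style release strings and flags instances below 8.8.15 Patch 33 or 9.0.0 Patch 26; the exact output format and the host names in the sample inventory are assumptions.

```python
import re

# Minimum patch level that carries the fixes for CVE-2022-27925 and
# CVE-2022-37042, per the advisory quoted in the article.
FIXED_PATCH_LEVELS = {
    (8, 8, 15): 33,
    (9, 0, 0): 26,
}

# Assumed shape of `zmcontrol -v` output, e.g.
# "Release 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P30."
# Adjust the patterns if your installation prints something different.
_RELEASE_RE = re.compile(r"Release\s+(\d+)\.(\d+)\.(\d+)")
_PATCH_RE = re.compile(r"Patch\s+\d+\.\d+\.\d+_P(\d+)")


def parse_zcs_version(zmcontrol_output):
    """Return ((major, minor, micro), patch_level) from zmcontrol -v output.

    patch_level is 0 when no Patch field is present (a GA release with no
    patch applied)."""
    m = _RELEASE_RE.search(zmcontrol_output)
    if not m:
        raise ValueError("no Release field found in zmcontrol output")
    release = tuple(int(x) for x in m.groups())
    p = _PATCH_RE.search(zmcontrol_output)
    return release, (int(p.group(1)) if p else 0)


def assess(zmcontrol_output):
    """Classify one instance as 'patched', 'vulnerable' or 'unknown-branch'.

    Branches not listed in FIXED_PATCH_LEVELS are reported for manual review
    rather than guessed at."""
    release, patch = parse_zcs_version(zmcontrol_output)
    needed = FIXED_PATCH_LEVELS.get(release)
    if needed is None:
        return "unknown-branch"
    return "patched" if patch >= needed else "vulnerable"


def triage(inventory):
    """Map hostname -> status for a dict of hostname -> zmcontrol -v output."""
    return {host: assess(out) for host, out in inventory.items()}


# Constructed sample inventory (hostnames and strings are made up).
SAMPLE_INVENTORY = {
    "mail1.example.test": "Release 8.8.15.GA.3869.UBUNTU18.64 UBUNTU18_64 FOSS edition, Patch 8.8.15_P33.",
    "mail2.example.test": "Release 8.8.15.GA.3869.RHEL7.64 RHEL7_64 NETWORK edition, Patch 8.8.15_P30.",
    "mail3.example.test": "Release 9.0.0.GA.3924.RHEL8.64 RHEL8_64 NETWORK edition.",
}
```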

However, as Volexity warns, if vulnerable servers haven’t been patched against the RCE bug (CVE-2022-27925) before the end of May 2022, “you should consider your ZCS instance may be compromised (and thus all data on it, including email content, may be stolen) and perform a full analysis of the server.”

Volexity advises organizations that believe their ZCS email servers were compromised to either investigate the incident or rebuild their ZCS instance on the latest patch and import the emails from the old server.

Unfortunately, these two Zimbra bugs are likely not the only ones actively exploited, given that CISA has added another high severity Zimbra flaw (CVE-2022-27924), allowing unauthenticated attackers to steal plain text credentials, to its Known Exploited Vulnerabilities Catalog.
