"Unpatched Zimbra Platforms Are Probably Compromised, CISA Says"

According to a new cybersecurity advisory by the Cybersecurity and Infrastructure Security Agency (CISA), security teams running unpatched, internet-connected Zimbra Collaboration Suites (ZCS) should assume compromise and take immediate detection and response action. CISA flagged active Zimbra exploits for CVE-2022-24682, CVE-2022-27924, CVE-2022-27925 (which is being chained with CVE-2022-37042), and CVE-2022-30333. CISA noted that the attacks lead to remote code execution and access to the Zimbra platform, and stated that the result could be quite risky when it comes to shielding sensitive information and preventing email-based follow-on threats. ZCS is a suite of business communications services that includes an email server and a Web client for accessing messages via the cloud. CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) provided detection details and indicators of compromise (IoCs) to help security teams. According to an AcZimbra advisory, threat actors may be targeting unpatched ZCS instances in both government and private sector networks. CISA and the MS-ISAC strongly urged users and administrators to apply the guidance in the recommendations section of the cybersecurity advisory to help secure their organization's systems against malicious cyber activity.

 

Dark Reading reports: "Unpatched Zimbra Platforms Are Probably Compromised, CISA Says"
