Zimbra Collaboration, an open-source software suite for collaboration, is utilized by over 5,000 companies and public sector users in more than 140 countries. However, Google TAG discovered a 0-day exploit in June 2023 that targeted Zimbra Collaboration (CVE-2023-37580). Four distinct groups exploited this bug, stealing email data, user credentials, and authentication tokens. The vulnerability, known as Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability, has a base score of 6.1 and a medium severity level. Most of the hacking activity occurred after the initial fix was made public on GitHub. To stay protected, it is recommended to keep software up-to-date and apply security updates promptly. Zimbra released a hotfix on July 5, 2023, and provided an advisory on July 13, 2023. Researchers also identified three threat groups exploiting the vulnerability before the official patch, with a fourth campaign emerging after the fix. The urgency for mail server fixes is underscored by the discovery of these campaigns. Regular XSS exploits highlight the importance of conducting rigorous mail server code audits.
Related Posts
The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog to include critical zero-day…
The Russian group RomCom, dubbed Storm-0978, distributes underground ransomware by leveraging the Microsoft Office and Windows HTML RCE zero-day vulnerability…
Hackers target Cisco Firewalls due to their widespread use and the potential to exploit vulnerabilities to gain unauthorized access, steal…