Zimbra 0-Day Used to Target International Government Organizations
fliptop writes:
Google's Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world:
In June 2023, Google's Threat Analysis Group (TAG) discovered an in-the-wild 0-day exploit targeting Zimbra Collaboration, an email server many organizations use to host their email. Since discovering the 0-day, now patched as CVE-2023-37580, TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on Github. To ensure protection against these types of exploits, TAG urges users and organizations to keep software fully up-to-date and apply security updates as soon as they become available.
TAG first discovered the 0-day, a reflected cross-site scripting (XSS) vulnerability, in June when it was actively exploited in targeted attacks against Zimbra's email server. Zimbra pushed a hotfix to their public Github on July 5, 2023 and published an initial advisory with remediation guidance on July 13, 2023. They patched the vulnerability as CVE-2023-37580 on July 25, 2023.
Originally spotted on Schneier on Security.
Related: State Hackers Breach Defense, Energy, Healthcare Orgs Worldwide
Read more of this story at SoylentNews.