At a glance.
- Vulnerabilities in Zimbra undergoing widespread exploitation.
- DDoS attack against Energoatom's public website.
- Lessons learned from the cyber phases of Russia's hybrid war.
- New Lazarus Group activity reported.
- CISA releases eight ICS security advisories.
Vulnerabilities in Zimbra undergoing widespread exploitation.
The widely used Zimbra Collaboration Suite, which The Stack and others describe as a lower-cost alternative to Microsoft Exchange, is under broad attack. Small and medium-sized enterprises and schools are Zimbra's primary users, but it is also used by some banks and multinational corporations. In all, The Stack says, Zimbra is used by more than 200,000 businesses in over 140 countries. (As an aside, one of those countries is Ukraine, where CERT-UA warned back in April that the CVE-2018-6882 vulnerability was undergoing active exploitation.)
Yesterday the US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert (AA22-228A) stating that "Threat Actors [are] Exploiting Multiple CVEs Against Zimbra Collaboration Suite." CISA's alert covers more CVEs than CERT-UA's did: CVE-2022-24682, CVE-2022-27924, CVE-2022-27925 (chained with CVE-2022-37042), and CVE-2022-30333. All of these are known vulnerabilities for which Zimbra has already issued patches. CISA urges all Zimbra Collaboration Suite administrators to update their systems immediately, scan for indicators of compromise, and remediate any compromise they find.