Cyberveille, curated by Decio
12 results tagged Zimbra
Zimbra 0-day used to target international government organizations https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
16/11/2023 18:01:57

TAG’s discovery of a 0-day exploit used to steal email data from international government organizations.

blog.google EN 2023 Zimbra 0-day government TAG exploit XSS CVE-2023-37580
MalasLocker ransomware targets Zimbra servers, demands charity donation https://www.bleepingcomputer.com/news/security/malaslocker-ransomware-targets-zimbra-servers-demands-charity-donation/
21/05/2023 16:16:19

A new ransomware operation is hacking Zimbra servers to steal emails and encrypt files. However, instead of demanding a ransom payment, the threat actors claim to require a donation to charity to provide an encryptor and prevent data leaking.

bleepingcomputer Age-Encryption AgeLocker Charity Email MalasLocker QNAP Ransomware Zimbra
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability
30/03/2023 22:38:23
  • Proofpoint has observed recent espionage-related activity by TA473, including yet to be reported instances of TA473 targeting US elected officials and staffers. TA473 is a newly minted Proofpoint threat actor that aligns with public reporting on Winter Vivern.
  • TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals that allows them to gain access to the email mailboxes of government entities in Europe.
  • TA473 recons and reverse engineers bespoke JavaScript payloads designed for each government targets’ webmail portal.
  • Proofpoint concurs with Sentinel One analysis that TA473 targeting superficially aligns with the support of Russian and/or Belarussian geopolitical goals as they pertain to the Russia-Ukraine War.
proofpoint EN 2023 NATO proofpoint Zimbra CVE-2022-27926 WinterVivern Russia JavaScript payloads
CVE-2022-41352 https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis
07/10/2022 10:22:03

On September 25, 2022, CVE-2022-41352 was filed for Zimbra Collaboration Suite. The vulnerability is a remote code execution flaw that arises from unsafe usage…

attackerkb EN 2022 CVE-2022-41352 Zimbra vulnerability
MAR-10400779-1.v1 – Zimbra 1 https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-270a
28/09/2022 15:27:59

CISA received seven files for analysis. Six Java Server Pages (JSP) webshells and a Bourne Again SHell (bash) file. Five JSP webshell files are designed to parse inbound requests for commands for execution, download files, and upload files. One JSP webshell file contains a form with input fields that prompts the attacker to enter the command in the input box and click "run" to execute. The command output will be displayed in a JSP page. The bash file is designed to perform ldapsearch queries and store the output into a newly created directory.

uscert csirt cert EN 2022 Malware Analysis Report AR22-270A Zimbra
Zimbra Open Bucket Data Leak – Responsible Disclosure https://members.backbox.org/zimbra-open-bucket-data-leak-responsible-disclosure/
31/08/2022 10:14:16

Hundreds of millions use Zimbra, an all-in-one business productivity suite for micro, small, medium & enterprise in-office and remote work teams. The Zimbra Inc company was acquired by Synacor Inc

backbox EN 2022 Leak Zimbra Disclosure Bucket
CVE-2022-27925 https://attackerkb.com/topics/dSu4KGZiFd/cve-2022-27925/rapid7-analysis
20/08/2022 17:29:04

On May 10, 2022, Zimbra released versions 9.0.0 patch 24 and 8.8.15 patch 31 to address multiple vulnerabilities in Zimbra Collaboration Suite, including CVE-2…

AttackerKB Analysis CVE-2022-27925 EN 2022 Zimbra
Zimbra Credential Theft Vulnerability Exploited in Attacks https://www.securityweek.com/zimbra-credential-theft-vulnerability-exploited-attacks
08/08/2022 11:17:14

CISA has urged organizations to patch a recent Zimbra credential theft vulnerability after reports of exploitation in the wild.

securityweek EN Zimbra vulnerability CVE-2022-27924 credential-theft exploited CISA email
CVE-2022-30333 https://attackerkb.com/topics/RCa4EIZdbZ/cve-2022-30333/rapid7-analysis
19/07/2022 08:06:09

On May 6, 2022, Rarlab released version 6.17, which addresses CVE-2022-30333, a path traversal vulnerability reported to them by Sonar, who posted a write-up about it. Sonar specifically calls out Zimbra Collaboration Suite’s usage of unrar as vulnerable (specifically, the amavisd component, which is used to inspect incoming emails for spam and malware). Zimbra addressed this issue in 9.0.0 patch 25 and 8.5.15 patch 32 by replacing unrar with 7z.

attackerkb CVE-2022-30333 analysis zimbra Rapid7
Unrar Path Traversal Vulnerability affects Zimbra Mail https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
29/06/2022 21:15:52

We discovered a vulnerability in Zimbra Enterprise Email that allows an unauthenticated, remote attacker to fully take over Zimbra instances via a flaw in unrar.

sonarsource Pathtraversal EN 2022 Zimbra flaw unrar CVE-2022-30333
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
15/06/2022 18:18:08

We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

sonarsource EN 2022 Zimbra memcache Vulnerability email steal credentials
Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
13/02/2022 01:37:20
Volexity EN Zimbra 0-day TEMP_Heretic