SELECTED BY THE TALOS SECURITY INTELLIGENCE AND RESEARCH GROUP
Title: Thousands of Zimbra platforms actively targeted with critical vulnerabilities
Description: Security experts are warning that attackers are actively exploiting a vulnerability in the Zimbra digital collaboration platform, and the exploit is circulating in the wild. A range of reports indicate threat actors are using the vulnerabilities, which can provide adversaries with full remote code execution with no authentication needed. Microsoft stated that more than 30,000 instances are believed to be publicly exposed, and the U.S. Cybersecurity and Infrastructure Security Agency added CVE-2022-37042 and CVE-2022-27925 to its list of known exploited vulnerabilities. The vulnerabilities specifically affect Zimbra Collaboration Suite (ZCS) email servers and are similar to other vulnerabilities discovered in 2021 affecting Microsoft Exchange Server. CISA also warned users of another ZCS vulnerability on Aug. 4 — CVE-2022-27924, which was also being exploited in the wild. Federal agencies must patch for CVE-2022-27924 by Aug. 24.
References:
- https://therecord.media/cisa-orders-civilian-agencies-to-patch-zimbra-bug-after-mass-exploitation/
- https://thestack.technology/microsoft-exchange-alternative-zimbra-hacked/
Snort SIDs: 60409, 60410
Title: Exploit available for critical VMWare privilege escalation vulnerability
Description: A researcher who discovered two critical vulnerabilities in VMware ONE Workspace Access released proof of concept exploit code for one of them. An attacker could exploit CVE-2022-31656 to gain admin privileges on the targeted device. VMWare had already released a warning telling users to patch the issue as soon as possible even before the PoC code was released. Security firm Imperva said it detected attempts to exploit the vulnerability after Aug. 9 when the code went public.
References:
- https://www.vmware.com/security/advisories/VMSA-2022-0021.html
- https://www.imperva.com/blog/what-we-know-about-vmware-cve-2022-31656-and-cve-2022-31659/
Snort SIDs: 60403, 60415