Volexity: Attackers exploit RCE flaw to breach Zimbra servers | allinfosecnews.com

Aug. 13, 2022, 2:53 a.m. | SC Staff

SC Magazine feed for Risk Management www.scmagazine.com

Threat intelligence firm Volexity discovered that attackers have been actively exploiting a remote code execution flaw tracked as CVE-2022-27925 with the help of the CVE-2022-37042 auth bypass bug as early as the end of June to compromise Zimbra Collaboration Suite email servers, which are used by over 200,000 businesses, including more than 1,000 government and financial organizations across 140 countries, Bleeping Computer reports. "Volexity believes this vulnerability was exploited in a manner consistent with what it saw with Microsoft Exchange …

attackers breach exploit flaw rce remote access servers volexity zimbra

More from www.scmagazine.com / SC Magazine feed for Risk Management

OpenAI report reveals threat actors using ChatGPT in influence operations 1 day, 10 hours ago | www.scmagazine.com

ai-benefitsrisks aiml campaigns chatgpt +11

EPA poised to finalize agency-wide cyber risk assessment process 1 day, 17 hours ago | www.scmagazine.com

accountability agency assessment critical-infrastructure-security +28

Federal investigation into UnitedHealth urged after Change Healthcare attack 1 day, 17 hours ago | www.scmagazine.com

attack chair change change healthcare +27

Santander Bank hack claimed by ShinyHunters threat group 1 day, 17 hours ago | www.scmagazine.com

bank breach chile customers +18

Data breach impacts Everbridge corporate systems 1 day, 17 hours ago | www.scmagazine.com

attack bleepingcomputer breach breached +21

Over 600K US routers compromised in 2023 malware attack 1 day, 17 hours ago | www.scmagazine.com

attack compromised cyberattack distribution +16

Updated LightSpy spyware for macOS emerges 1 day, 17 hours ago | www.scmagazine.com

application security cybernews devices endpointdevice-security +15

New RedTail cryptominer attacks involve Palo Alto firewall exploit 1 day, 17 hours ago | www.scmagazine.com

alto april attacks cryptocurrency +29

Phishing attack campaign against Ukraine thwarted 1 day, 17 hours ago | www.scmagazine.com

attack campaign capabilities entities +14

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com