Global Government Data Breach: Zimbra Zero-Day Exploited by Multiple Hacker Groups

November 16, 2023 at 04:09 PM

•

1 min read

Global Government Data Breach: Zimbra Zero-Day Exploited by Multiple Hacker Groups — Photo: The Hacker News

TL;DR Summary

Four hacker groups have exploited a zero-day flaw in the Zimbra Collaboration email software, allowing them to steal email data, user credentials, and authentication tokens. The vulnerability, tracked as CVE-2023-37580, is a reflected cross-site scripting (XSS) flaw that was addressed by Zimbra in July 2023. The attacks occurred even after the initial fix was made public on GitHub, highlighting the importance of promptly applying patches to mail servers. The campaigns targeted government organizations in Greece, Moldova, Tunisia, and Vietnam, demonstrating the need for thorough auditing of mail server applications.

Topics:technology #email-software #hacker-groups #vulnerability-email-security #xss-vulnerability #zero-day-flaw #zimbra

Share this article

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups The Hacker News
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs BleepingComputer
APTs Swarm Zimbra Zero-Day to Steal Government Info Worldwide DARKReading
Zimbra zero-day exploited to steal government emails by 4 groups Security Affairs
An email vulnerability let hackers steal data from governments around the world Engadget
View Full Coverage on Google News

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

83%

514 → 89 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights