Critical Zimbra RCE flaw exploited to backdoor servers using emails

October 2, 2024 at 10:35AM Hackers are exploiting a Zimbra email server vulnerability (CVE-2024-45519) by sending specially crafted emails to the SMTP server, allowing them to execute commands. Malicious activity was detected by Proofpoint and a proof-of-concept exploit was released, urging users to update to secure versions or take preventive measures as listed. After reviewing … Read more

Critical Zimbra RCE flaw actively exploited to take over servers

October 2, 2024 at 10:20AM Cyber attackers are exploiting a Zimbra email server vulnerability (CVE-2024-45519) using specially crafted emails to trigger remote code execution. Proofpoint detected this “mass-exploitation,” as malicious emails spoofing Gmail deploy fake addresses and harmful code in the CC field. Installation of the webshell via the exploit provides full access to the … Read more

‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln

October 2, 2024 at 06:59AM Infosec researchers advise patching Zimbra mail servers immediately due to the mass exploitation of a critical remote code execution vulnerability (CVE-2024-45519). Attackers have been adding bogus CC addresses to spoofed Gmail emails, potentially leading to unauthorized access and system compromise. The National Vulnerability Database’s backlog of vulnerabilities remains a concern, … Read more

Zimbra RCE Vuln Under Attack Needs Immediate Patching

October 1, 2024 at 05:47PM Cyber attackers are actively exploiting a severe remote code execution vulnerability (CVE-2024-45519) in Zimbra’s SMTP server, allowing them to take control of vulnerable systems. Proofpoint researchers observed attacks since Sept. 28, with attackers sending spoofed emails containing base64-encoded malicious code. Zimbra issued updates, but administrators need to apply them promptly … Read more

Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups

November 16, 2023 at 11:48AM A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups, resulting in the theft of email data, user credentials, and authentication tokens. The flaw, tracked as CVE-2023-37580, allowed the execution of malicious scripts by tricking users into clicking on a specially crafted URL. The attacks … Read more