{"id":148392,"date":"2022-10-18T03:38:07","date_gmt":"2022-10-18T08:38:07","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2022\/10\/almost-900-servers-hacked-using-zimbra-zero-day-flaw"},"modified":"2022-10-18T03:38:07","modified_gmt":"2022-10-18T08:38:07","slug":"almost-900-servers-hacked-using-zimbra-zero-day-flaw","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2022\/10\/almost-900-servers-hacked-using-zimbra-zero-day-flaw","title":{"rendered":"Almost 900 servers hacked using Zimbra zero-day flaw"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/almost-900-servers-hacked-using-zimbra-zero-day-flaw2.jpg\"><\/a><\/p>\n<p>Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months.<\/p>\n<p>The vulnerability tracked as CVE-2022-41352 is a remote code execution flaw that allows attackers to send an email with a malicious archive attachment that plants a web shell in the ZCS server while, at the same time, bypassing antivirus checks.<\/p>\n<p>According to the cybersecurity company <a href=\"https:\/\/securelist.com\/ongoing-exploitation-of-cve-2022-41352-zimbra-0-day\/107703\/\" target=\"_blank\" rel=\"nofollow noopener\">Kaspersky<\/a>, various APT (advanced persistent threat) groups actively exploited the flaw soon after it was reported on the <a href=\"https:\/\/forums.zimbra.org\/viewtopic.php?t=71153&p=306532\" target=\"_blank\" rel=\"nofollow noopener\">Zimbra forums<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite (ZCS) vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months. 
The vulnerability tracked as CVE-2022-41352 is a remote code execution flaw that allows attackers to send an email with a malicious archive attachment that plants a web [\u2026]<\/p>\n","protected":false},"author":396,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-148392","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/148392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/396"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=148392"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/148392\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=148392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=148392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=148392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}