The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its August 16 alert, Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite, to include additional indicators of compromise (IoCs). In the August version of the alert, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) urge organizations that did not immediately update Zimbra Collaboration Suite (ZCS) when the fixes became available, or whose instances of ZCS were exposed to the Internet, to “assume compromise and hunt for malicious activity.”
- The highlight to take away from this: If you are still running a vulnerable version of Zimbra, assume it to be compromised.
- This is an update to the advisory from August 16th. Two things here. First, there are updated IOCs to consume and scan for, like now. Second, unpatched Zimbra installations are targeted, so patch your Zimbra installation. Leverage this information to get the downtime you need to properly analyze and remediate/patch. Don’t let anyone talk you out of addressing this.
Read more in