The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) issued a cybersecurity advisory on August 18 that warns about Common Vulnerabilities and Exposures (CVEs) that they say are “currently being exploited” against the Zimbra Collaboration Suite (ZCS).
ZCS is an enterprise cloud-hosted collaboration software and email platform used by both private sector and government organizations.
According to the advisory, malicious cyber actors have been targeting unpatched versions of ZCS software.
“CISA and the MS-ISAC strongly urge users and administrators to apply the guidance in the Recommendations section of this [cybersecurity advisory] to help secure their organization’s systems against malicious cyber activity,” the advisory states.
“CISA and the MS-ISAC encourage organizations who did not immediately update their ZCS instances upon patch release, or whose ZCS instances were exposed to the internet, to assume compromise and hunt for malicious activity using the third-party detection signatures in the Detection Methods section” of the advisory, the organizations said.
CISA and the MS-ISAC said they will continue to release information on any possible Indicators of Compromise (IOCs) as they continue to look for vulnerable systems that have been compromised.
They also released a list of steps that ZCS administrators can take to help mitigate cyberattacks or locate compromised systems, including:
- Patch all systems and prioritize patching known exploited vulnerabilities;
- Deploy detection signatures and hunt for indicators of compromise (IOCs); and
- If ZCS was compromised, remediate malicious activity.