Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!

“Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-2024-45519, in Synacor’s Zimbra Collaboration. The vulnerability CVE-2024-45519 is a remote code execution vulnerability in Zimbra mail servers that was discovered by the security researcher lebr0nli (Alan Li). Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations.” reads a blog post published by Project Discovery. “Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Threat actors started exploring the vulnerability after the cybersecurity firm Project Discovery released technical details of the vulnerability and PoC exploit code. Starting on September 28, 2024, threat actors have been attempting to exploit the issue to achieve remote code execution on vulnerable instances. The emails spoofing Gmail were sent to bogus addresses in the CC fields in an attempt for Zimbra servers to parse and execute them as commands.

This Cyber News was published on securityaffairs.com. Publication date: Wed, 02 Oct 2024 10:43:07 +0000


Cyber News related to Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now! - “Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, a remote code execution vulnerability in Zimbra mail servers. Beginning on September 28, @Proofpoint began observing attempts to exploit CVE-2024-45519, ...
2 months ago Securityaffairs.com
Critical Zimbra RCE flaw actively exploited to take over servers - Attackers can exploit the vulnerability by sending specially crafted emails with commands to execute in the CC field, which are then executed when the postjournal service processes the email. Hackers are actively exploiting a recently disclosed RCE ...
2 months ago Bleepingcomputer.com
Critical Zimbra RCE flaw exploited to backdoor servers using emails - Attackers can exploit the vulnerability by sending specially crafted emails with commands to execute in the CC field, which are then executed when the postjournal service processes the email. Hackers are actively exploiting a recently disclosed RCE ...
2 months ago Bleepingcomputer.com
14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries - Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. Multiple flaws in DrayTek ...
2 months ago Securityaffairs.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
6 months ago Securityaffairs.com
Zimbra RCE Vulnerability (CVE-2024-45519) - Exploit POC Released - Zimbra, a popular email and collaboration platform, has issued a crucial security update to patch a severe vulnerability in its postjournal service. Attackers could exploit it to run arbitrary commands without authentication, which poses a ...
2 months ago Cybersecuritynews.com
Rhadamanthys information stealer introduces AI-driven capabilities - The malware allows operators to harvest a broad range of information, including system information, credentials, cryptocurrency wallets, browser passwords, cookies, and data stored in various applications. “This allows Rhadamanthys to extract ...
2 months ago Securityaffairs.com
New MOVEit Transfer critical bug is actively exploited - MUST READ. New MOVEit Transfer critical bug is actively exploited. CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. PoC ...
5 months ago Securityaffairs.com
Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) - Help Net Security - Proofpoint’s threat researchers say that the attacks started on September 28 – several weeks after Zimbra developers released patches for CVE-2024-45519 and other flaws, and a day after ProjectDiscovery’s analysts published a ...
2 months ago Helpnetsecurity.com
US CISA adds Ivanti EPM flaw to its Known Exploited Vulnerabilities catalog - The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-29824 (CVSS score of 9.6) to its Known Exploited Vulnerabilities (KEV) catalog. U.S. Cybersecurity ...
2 months ago Securityaffairs.com
Zimbra RCE Vuln Under Attack Needs Immediate Patching - "Some emails from the same sender used a series of CC'd addresses attempting to build a Web shell on a vulnerable Zimbra server," Proofpoint said. Attackers are actively targeting a severe remote code execution vulnerability that ...
2 months ago Darkreading.com
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
5 months ago Securityaffairs.com
Researchers Sound Alarm on Active Attacks Exploiting Critical Zimbra Postjournal Flaw - "While the postjournal feature may be optional or not enabled on most systems, it is still necessary to apply the provided patch to prevent potential exploitation," Ashish Kataria, a security architect engineer at Synacor, noted in a comment on ...
2 months ago Thehackernews.com
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
6 months ago Securityaffairs.com
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
5 months ago Securityaffairs.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
6 months ago Securityaffairs.com
High-severity flaw affects Cisco Firepower Management Center - CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Hackers ...
6 months ago Securityaffairs.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
5 months ago Securityaffairs.com
Threat actors actively exploit D-Link DIR-859 router flaw - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities ...
5 months ago Securityaffairs.com
Sav-Rx data breach impacted over 2.8 million individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach government networks. Microsoft fixed two zero-day bugs exploited in malware ...
6 months ago Securityaffairs.com
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs - Google's Threat Analysis Group has discovered that threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive data from government systems in multiple countries. Hackers leveraged a medium-severity ...
1 year ago Bleepingcomputer.com
newsletter Round 473 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
6 months ago Securityaffairs.com
newsletter Round 474 by Pierluigi Paganini - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. Critical Fortinet's ...
6 months ago Securityaffairs.com
Impact of Remote Work and Cloud Migrations on Security Perimeters - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Microsoft fixed two zero-day bugs exploited in malware attacks. HTTP/2 CONTINUATION Flood technique can be exploited in DoS attacks. BianLian group exploits ...
6 months ago Securityaffairs.com
Healthcare firm WebTPA data breach impacted 2.5M individuals - Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Nation-state actors exploited two zero-days in ASA and FTD firewalls to breach ...
6 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)