Google: zero-day vulnerability in Zimbra used to hack government institutions

Cybercriminals were able to attack several government institutions via a zero-day vulnerability in Zimbra's software suite, Google says. According to the company, four different groups have exploited the vulnerability to, among other things, steal emails.

Google writes that the groups have hacked government agencies in Greece, Pakistan, Moldova, Vietnam and Tunisia. The zero-day vulnerability is designated CVE-2023-37580 and is a cross-site scripting vulnerability. Zimbra had published the fix for the vulnerability on GitHub in early July, but the patch did not become available until later that month. During that period, two of the four groups made their move, Google says.

Another group already knew about the vulnerability before Zimbra posted the fix on GitHub. It carried out the first attack, aimed at a Greek government institution. Google discovered this on June 29 and reported it to Zimbra. Even though the patch had become available, the last group still used the vulnerability to attack a government agency in Pakistan. Google found out about that attack on August 25.

Source: Google