October 1, 2022

Volume XII, Number 274

Advertisement

September 30, 2022

Subscribe to Latest Legal News and Analysis

September 29, 2022

Subscribe to Latest Legal News and Analysis

CISA + MS-ISAC Alert: Threat Actors Exploiting Zimbra Collaboration Suite

On August 16, 2022, CISA (the Cybersecurity and Infrastructure Security Agency) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) issued an Alert outlining multiple Common Vulnerabilities and Exposures (CVEs) that threat actors are actively exploiting against Zimbra Collaboration Suite, which is “an enterprise cloud-hosted collaboration software and email platform.”

According to the Alert:

“Cyber threat actors may be targeting unpatched ZCS instances in both government and private sector networks. CISA and the MS-ISAC strongly urge users and administrators to apply the guidance in the Recommendations section of this CSA to help secure their organization’s systems against malicious cyber activity. CISA and the MS-ISAC encourage organizations who did not immediately update their ZCS instances upon patch release, or whose ZCS instances were exposed to the internet, to assume compromise and hunt for malicious activity using the third-party detection signatures in the Detection Methods section of this CSA. Organizations that detect potential compromise should apply the steps in the Incident Response section of this CSA.”

The Alert outlines ways to detect and mitigate the risk of exploitation of the CVEs. The Alert can be accessed here.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XII, Number 231
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement
Advertisement