CISA and the MS-ISAC strongly urge users and administrators to apply the guidance in the Recommendations section of this CSA to help secure their organization’s systems against malicious cyber activity. CISA and the MS-ISAC encourage organizations who did not immediately update their ZCS instances upon patch release, or whose ZCS instances were exposed to the internet, to assume compromise and hunt for malicious activity using the third-party detection signatures in the Detection Methods section of this CSA. Organizations that detect potential compromise should apply the steps in the Incident Response section of this CSA.

This CSA has been updated with additional IOCs. For a downloadable copy of the IOCs, see the following Malware Analysis Reports (MARs):

New, November 10, 2022: MAR-10410305-1.v1 JSP Webshell

CVE-2022-27924 is a high-severity vulnerability enabling an unauthenticated malicious actor to inject arbitrary memcache commands into a targeted ZCS instance and cause an overwrite of arbitrary cached entries. The actor can then steal ZCS email account credentials in cleartext form without any user interaction. With valid email account credentials in an organization not enforcing multifactor authentication (MFA), a malicious actor can use spear phishing, social engineering, and business email compromise (BEC) attacks against the compromised organization. Additionally, malicious actors could use the valid account credentials to open webshells and maintain persistent access.

On March 11, 2022, researchers from SonarSource announced the discovery of this ZCS vulnerability.