Download Certificate- Most Promising Partner | ECIO | Most Admired Brand | Most Trusted Company

Zabbix servers under attack with recently disclosed vulnerability says CISA


By MYBRANDBOOK


Zabbix servers under attack with recently disclosed vulnerability says CISA

The US Cybersecurity Infrastructure and Security Agency( CISA) has expanded its Known Exploited Vulnerabilities Catalog with two critical flaws in the Zabbix enterprise monitoring solution has learned that threat actors have started using two vulnerabilities disclosed last week to take over unpatched systems.

 

It has tracked as CVE-2022-23131 and CVE-2022-23134, and both were disclosed last week in a write-up from security firm SonarSource and has gain administrator privileges, which could then allow an attacker to execute arbitrary commands.

 

The first is a bug in how Zabbix stores session data, allowing an attacker to bypass authentication procedures, while the second bug has its root in the incorrect handling of the Zabbix installer files that allows unauthenticated users (attackers) to access some of these resources and re-configure servers.

 

Zabbix is an open-source monitoring platform that organizations deploy within their networks to collect and centralize data such as CPU load and network traffic.

 

The web-based app that can be used to monitor and receive telemetry from a wide array of IT systems deployed inside large enterprise networks, supporting acquisition from workstations, servers, and cloud resources alike.

 

The Zabbix team released updates last week, but as has been the recent trend, threat actors were quick to move to weaponize the disclosed vulnerabilities in the hopes of gaining footholds inside large corporate networks, access they could use to escalate intrusions or sell to other criminal groups.

 

While CISA has not released details about the current exploitation attempts, proof-of-concept for at least one of the vulnerabilities has been available on GitHub for at least a few days. According to a Shodan Trends page, there are currently more than 3,800 Zabbix instances connected to the internet, which if left unpatched, are at serious risk of getting hacked.

 

CVE-2022-23131 exists because, although Zabbix has a mechanism of validating the user when accessing data stored client-side, that function is never called for the session entry (containing user attributes) created when SAML authentication is used.

 

A day after SonarSource published its Zabbix write-up, fellow security firm White Oak Security published a report detailing a hardcoded backdoor account in Extensis Portfolio, another IT monitoring and management tool. Exploitation of this vulnerability (CVE-2022-24255) has not been observed—yet—but it’s just as an attractive target as Zabbix systems and even easier to exploit.
 BREAKING NEWS  BREAKING NEWS
Cisco announces AI-native secure Wi-Fi 7 for future-ready employe

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

 TECHNO TRENDS  Placeholder image
Nazara and ONDC set to transform in-game monetization with ‘

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
Eloelo teams up with Elvish Yadav for India's biggest digital

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic
Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b
 MOVERS & SHAKERS  Placeholder image
Kamal Nath quits SIFY Technologies

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ
Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this
 OPEN YOUR EYES  Placeholder image

The rise in internet usage has opened the doors to conduct cyber-attacks
The Changing Face of Cybercrime Amidst Global Pandemic
Rising Uncertainty On The Start-ups At The Verge Of Collapse
Waiting For A Cybersecurity disaster to happen
No road block for the cyber espionage cases
 INTERVIEWS  Placeholder image
In India, 88% of Indian business leaders are planning to inves

In India, 88% of Indian business leaders are planning to inves

Bolstering its commitment to help build a truly self-reliant B

Bolstering its commitment to help build a truly self-reliant B

CP PLUS is dedicated to spreading a sense of security to every corner of In
Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

Alcatel-Lucent Enterprise Carrying a 100 year legacy ahead

A good amount of R&D works and global support services are operated out of

 HOT PICK  Placeholder image
BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit
Gigabyte X3D Turbo: A Gaming Revolution

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr
 MAKE IN INDIA BRANDS   Placeholder image
LAVA INTERNATIONAL LTD.

LAVA INTERNATIONAL LTD.


TP-LINK INDIA PVT. LTD.

TP-LINK INDIA PVT. LTD.


LUMINOUS POWER TECHNOLOGIES PVT. LTD.

LUMINOUS POWER TECHNOLOGIES PVT. LTD.


TALLY SOLUTIONS PVT. LTD.

TALLY SOLUTIONS PVT. LTD.


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

AIM TO PUT IA SOLUTIONS WITH A WIDE “GENERAL INTELLIGENCE” SCOPE INTO PRACTICE

Our firm is fortunate to be led by distinguished i...

AI TO IMPROVE INSIGHTS THROUGH AUGMENTED ANALYTICS, WHILE EDGE COMPUTING TO ALLOW REAL-TIME PROCESSING

For the fiscal year 2024-25, our organization has ...

USING AI & BI OFFERINGS TO ADDRESS CLIENT NEEDS

In the fiscal year 2024-25, Assisto Technologies h...

 ICONS OF INDIA  Placeholder image

Icons Of India : AMIT CHADHA

Amit Chadha serves as the CEO and Managing Director of L&T Technology ...

Icons Of India : Anil Kumar Lahoti

Anil Kumar Lahoti, Chairman, Telecom Regulatory Authority of India (TR...

Icons Of India : Debjani Ghosh

Debjani Ghosh is the President of the National Association of Software...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

"Tech Data's Solution-Centric Methodology and Consistent Communication: Enhancing Customer Experience Across All Touchpoints"

Tech Data’s unique value proposition is its solutions aggregation and orches...

Regaining its Technical Aura By Resonating Consistency & Reliability

Brand awareness metrics and KPIs help TDM Networks to monitor and analyze the ...

Rashi Peripherals is Redefining ICT Distribution with Technology

Rashi Peripherals is India’s fourth largest ICT distribution company in term...

 PSU  Placeholder image

PFC - Power Finance Corporation Ltd

PFC is a leading financial institution in India specializing in power ...

TCIL - Telecommunications Consultants India Limited  

TCIL is a government-owned engineering and consultancy company...

BSE - Bombay Stock Exchange  

The Bombay Stock Exchange (BSE) is one of India’s largest and oldest...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2024: HCL TECHNOLOGIES LTD.

HCL Technologies Ltd. (HCLTech) has been at the forefront of technological inn...

Most Trusted Brands 2024: Infosys Ltd.

Infosys, leverages emerging technologies and digital capabilities to help clie...

Most Trusted Brands 2024: BHARTI AIRTEL LTD.

Airtel is a global communications solutions provider serving over 500 million ...

 Global Indian industry   Value-Added Distribution

Indian Tech Talent Excelling The Tech World - Shantanu Narayen, CEO- Adobe Systems Incorporated

Shantanu Narayen, CEO of Adobe Systems Incorporated, is renowned for h...

Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy

Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...

Indian Tech Talent Excelling The Tech World - NEAL MOHAN, CEO - Youtube

Neal Mohan, the CEO of YouTube, has a bold vision for the platform’s...

 STARNITE AWARDS 2024  
 ITFORUM 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 IMAGE GALLERY   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
Brandbook Brandbook
 TECHNOLOGY DISRUPTION Placeholder image

Optimize and automate modern data centres

Optimize and automate modern data centres

Tech Mahindra and Cisco to simplify internet transport networks with routed optical networking

Tech Mahindra and Cisco to simplify internet transport networks with routed optical networking

Rockwell Automation and Microsoft to leverage Generative AI capabilities

Rockwell Automation and Microsoft to leverage Generative AI capabilities

Adani Group’s fall raises internal crisis

Adani Group’s fall raises internal crisis

 UNICORNS REVOLUTIONISING Placeholder image

Eruditus Executive Education

Eruditus Executive Education

IndiaIdeas.com Limited

IndiaIdeas.com Limited

Girnar Software Private Limited

Girnar Software Private Limited

NoBroker Technologies Solutions Pvt Ltd.

NoBroker Technologies Solutions Pvt Ltd.


Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

CONTACT US

SUBSCRIBE NOW