Zabbix servers under attack with recently disclosed vulnerability says CISA
By MYBRANDBOOK
The US Cybersecurity Infrastructure and Security Agency( CISA) has expanded its Known Exploited Vulnerabilities Catalog with two critical flaws in the Zabbix enterprise monitoring solution has learned that threat actors have started using two vulnerabilities disclosed last week to take over unpatched systems.
It has tracked as CVE-2022-23131 and CVE-2022-23134, and both were disclosed last week in a write-up from security firm SonarSource and has gain administrator privileges, which could then allow an attacker to execute arbitrary commands.
The first is a bug in how Zabbix stores session data, allowing an attacker to bypass authentication procedures, while the second bug has its root in the incorrect handling of the Zabbix installer files that allows unauthenticated users (attackers) to access some of these resources and re-configure servers.
Zabbix is an open-source monitoring platform that organizations deploy within their networks to collect and centralize data such as CPU load and network traffic.
The web-based app that can be used to monitor and receive telemetry from a wide array of IT systems deployed inside large enterprise networks, supporting acquisition from workstations, servers, and cloud resources alike.
The Zabbix team released updates last week, but as has been the recent trend, threat actors were quick to move to weaponize the disclosed vulnerabilities in the hopes of gaining footholds inside large corporate networks, access they could use to escalate intrusions or sell to other criminal groups.
While CISA has not released details about the current exploitation attempts, proof-of-concept for at least one of the vulnerabilities has been available on GitHub for at least a few days. According to a Shodan Trends page, there are currently more than 3,800 Zabbix instances connected to the internet, which if left unpatched, are at serious risk of getting hacked.
CVE-2022-23131 exists because, although Zabbix has a mechanism of validating the user when accessing data stored client-side, that function is never called for the session entry (containing user attributes) created when SAML authentication is used.
A day after SonarSource published its Zabbix write-up, fellow security firm White Oak Security published a report detailing a hardcoded backdoor account in Extensis Portfolio, another IT monitoring and management tool. Exploitation of this vulnerability (CVE-2022-24255) has not been observed—yet—but it’s just as an attractive target as Zabbix systems and even easier to exploit.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
ICONS OF INDIA : SACHIN BANSAL
Sachin Bansal is an Indian entrepreneur. He is best known as the found...
Icons Of India : Anil Agarwal
Anil Agarwal, the Founder and Chairman of Vedanta Resources Ltd., is r...
Icons Of India : Girish Mathrubootham
Girish Mathrubootham is the Founder of Freshworks (previously known ...
STPI - Software Technology Parks of India
STPI promotes and facilitates the growth of the IT and ITES industry i...
NIC - National Informatics Centre
NIC serves as the primary IT solutions provider for the government of ...
C-DAC - Centre for Development of Advanced Computing
C-DAC is uniquely positioned in the field of advanced computing...
Indian Tech Talent Excelling The Tech World - ANJALI SUD, CEO – Tubi
Anjali Sud, the former CEO of Vimeo, now leads Tubi, Fox Corporation...
Indian Tech Talent Excelling The Tech World - Thomas Kurian, CEO- Google Cloud
Thomas Kurian, the CEO of Google Cloud, has been instrumental in expan...
Indian Tech Talent Excelling The Tech World - Lal Karsanbhai, President & CEO, Emerson
Lal Karsanbhai, President and CEO of Emerson, assumed the leadership i...