February 26, 2024

Members of TAG, Google's cyber threat analysis group, have discovered a security flaw in an email service used by many governments around the world. Through this vulnerability, attackers were able to steal data from certain countries such as Greece, Tunisia or Moldova.


While hackers recently exploited a vulnerability in Google Calendar to steal users' personal data, members of TAG (Google's cyber threat analysis group) have just made a new discovery.

This Thursday, November 16, 2023, the American giant's computer security researchers say that they discovered a particularly serious security vulnerability and helped fix it. Through this vulnerability, the hackers succeeded in stealing data from several countries, notably Greece, Moldova, Tunisia, Vietnam and Pakistan.

The bug, tracked as CVE-2023-37580, affected Zimbra Collaboration, an email service used by more than 1,000 government organizations around the world. According to Google, this vulnerability allowed the theft of email data, user IDs and passwords, and authentication tokens from organizations.


Figure: The story of the exploitation of this bug (credit: Google)

A case that reminds us how essential updates are

It began in Greece at the end of June 2023, when attackers exploited this vulnerability to send malicious emails to certain members of the Greek government. If someone clicked on the malicious link while logged into their Zimbra account, the aforementioned data was automatically transmitted to the hackers. The attackers also took advantage of this to set up automatic forwarding and take control of the targeted email address.

A few days later, Zimbra responded effectively and released a fix for this bug on GitHub. Unfortunately, the attacks continued, which means that affected governments did not install the update in time to protect themselves. "These campaigns also highlight how attackers monitor open source repositories to opportunistically exploit vulnerabilities in software, particularly when a patch is referenced on a platform but not yet available to users," TAG explains in a blog post.

Source: Google TAG blog