Download Certificate- CMOs | ECIO | Most Admired Brand | Most Trusted Company

Zabbix servers under attack with recently disclosed vulnerability says CISA


By MYBRANDBOOK


Zabbix servers under attack with recently disclosed vulnerability says CISA

The US Cybersecurity Infrastructure and Security Agency( CISA) has expanded its Known Exploited Vulnerabilities Catalog with two critical flaws in the Zabbix enterprise monitoring solution has learned that threat actors have started using two vulnerabilities disclosed last week to take over unpatched systems.

 

It has tracked as CVE-2022-23131 and CVE-2022-23134, and both were disclosed last week in a write-up from security firm SonarSource and has gain administrator privileges, which could then allow an attacker to execute arbitrary commands.

 

The first is a bug in how Zabbix stores session data, allowing an attacker to bypass authentication procedures, while the second bug has its root in the incorrect handling of the Zabbix installer files that allows unauthenticated users (attackers) to access some of these resources and re-configure servers.

 

Zabbix is an open-source monitoring platform that organizations deploy within their networks to collect and centralize data such as CPU load and network traffic.

 

The web-based app that can be used to monitor and receive telemetry from a wide array of IT systems deployed inside large enterprise networks, supporting acquisition from workstations, servers, and cloud resources alike.

 

The Zabbix team released updates last week, but as has been the recent trend, threat actors were quick to move to weaponize the disclosed vulnerabilities in the hopes of gaining footholds inside large corporate networks, access they could use to escalate intrusions or sell to other criminal groups.

 

While CISA has not released details about the current exploitation attempts, proof-of-concept for at least one of the vulnerabilities has been available on GitHub for at least a few days. According to a Shodan Trends page, there are currently more than 3,800 Zabbix instances connected to the internet, which if left unpatched, are at serious risk of getting hacked.

 

CVE-2022-23131 exists because, although Zabbix has a mechanism of validating the user when accessing data stored client-side, that function is never called for the session entry (containing user attributes) created when SAML authentication is used.

 

A day after SonarSource published its Zabbix write-up, fellow security firm White Oak Security published a report detailing a hardcoded backdoor account in Extensis Portfolio, another IT monitoring and management tool. Exploitation of this vulnerability (CVE-2022-24255) has not been observed—yet—but it’s just as an attractive target as Zabbix systems and even easier to exploit.
 BREAKING NEWS  BREAKING NEWS
Apple in talks to include OpenAI's generative AI tech in upcoming

Apple in talks to include OpenAI's generative AI tech in upcoming...

Apple has renewed talks with Sam Altman-led OpenAI about using its gener...

RBI criticizes TalkCharge and warns users for operating unauthori

RBI criticizes TalkCharge and warns users for operating unauthori...

Recently, the Reserve Bank of India warned the public about the risks reg...

Telecom players request Government to address revenue sharing mod

Telecom players request Government to address revenue sharing mod...

Telecom operators Bharti Airtel, Reliance Jio and Vodafone Idea repres...

Dell Technologies and Alienware unveil the new Alienware x16 R2 i

Dell Technologies and Alienware unveil the new Alienware x16 R2 i...

Dell Technologies and Alienware have launched the new Alienware x16 R2 in...

 TECHNO TRENDS  Placeholder image
Google Pay has added

Google Pay has added "Open Wallet" shortcut

With the introduction of the "Open Wallet" shortcut, Google Pay has impro...

TRAI targets to finalise National Broadcast Policy by May-end

TRAI targets to finalise National Broadcast Policy by May-end

The Telecom Regulatory Authority of India will finalise the National Broa...

TAC Security becomes Cyber Security Assessor for the App Defen

TAC Security becomes Cyber Security Assessor for the App Defen

The cybersecurity company, TAC Security has been selected as a key Cyber ...

InterGlobe’s Rahul Bhatia and C.P. Gurnani together announce

InterGlobe’s Rahul Bhatia and C.P. Gurnani together announce

In a move that is set to transform the AI landscape, Rahul Bhatia, Group M...

 E-Magazine 
 TECHNOTAINMENT  Placeholder image
ED attaches Raj Kundra, Shilpa Shetty’s Rs 97 crore worth as

ED attaches Raj Kundra, Shilpa Shetty’s Rs 97 crore worth as

Salman Khan trolled for singing with B Praak at Anant Ambani's

Salman Khan trolled for singing with B Praak at Anant Ambani's

To celebrate Mukesh Ambani's youngest son Anant Ambani’s 29th birthday

Disney+ Hotstar wins the Best OTT Platform of the year

Disney+ Hotstar wins the Best OTT Platform of the year

Film Critics Guild and Group M Motion Entertainment, in collaboration with

 MOVERS & SHAKERS  Placeholder image
Amagi names its Chief Product Officer

Amagi names its Chief Product Officer

Nium Appoints Alexandra Johnson appoints as Chief Payments Off

Nium Appoints Alexandra Johnson appoints as Chief Payments Off

Nium, the leader in real-time cross-border payments, today announced the ap
SISL elevates Ankita Wadhawan as CEO—End User Computing

SISL elevates Ankita Wadhawan as CEO—End User Computing

The IT service provider, SISL in a LinkedIn post announced the elevation

 OPEN YOUR EYES  Placeholder image

Growing cyberattacks is a raising concern ,it’s time to evaluate cloud-first strategy
Can we could visualise a new world post COVID -19
Automation & AI are becoming the main drivers for many business
Manufacturing sector will be the next growth engine for Indian Economics
Growing cyberattacks is a raising concern ,it’s time to evaluate cloud-first strategy
 INTERVIEWS  Placeholder image
ESDS commits to presenting clients with the latest technology

ESDS commits to presenting clients with the latest technology

CommScope celebrates its 25 years of legacy in India by contin

CommScope celebrates its 25 years of legacy in India by contin

A strong brand must also reflect the company values and speak exactly what

Cisco committed to help build trusted, resilient future for or

Cisco committed to help build trusted, resilient future for or

Cisco is delivering on its promise of the AI-driven Cisco Security Cloud to
 HOT PICK  Placeholder image
COLORFUL rolls out an array of gaming laptops

COLORFUL rolls out an array of gaming laptops

Dell Technologies launches new AI-powered commercial PC portfo

Dell Technologies launches new AI-powered commercial PC portfo

Dell Technologies has launched the broadest portfolio of commercial AI lap
Canon India Introduces 4K Remote PTZ Camera Controller & 4K In

Canon India Introduces 4K Remote PTZ Camera Controller & 4K In

Canon India, a leading company in digital imaging solutions, further solidi
 MAKE IN INDIA BRANDS   Placeholder image
MATRIX COMSEC PVT. LTD. 

MATRIX COMSEC PVT. LTD. 


AMARA RAJA POWER SYSTEMS LTD.

AMARA RAJA POWER SYSTEMS LTD.


SECUREYE SERVICES PVT. LTD. 

SECUREYE SERVICES PVT. LTD. 


OPTIEMUS INFRACOM

OPTIEMUS INFRACOM


 EMINENT CIO'S OF INDIA  EMINENT CIO'S OF INDIA

Understanding the business dynamics and furnishing innovative solutions

Our mantra is simple: work with businesses to unde...

Providing solid foundations for an ever-changing Tech world

As a civil company we use technology to improve th...

New Edge Technologies making life processes easy

Brand strategy can help you to plot your brand dis...

 ICONS OF INDIA  Placeholder image

Technology Icons Of India 2023: Ashish Kumar Chauhan

Ashish works as the CEO of the National Stock Exchange (NSE). He is al...

Technology Icons Of India 2023: Som Satsangi

With more than three decades in the IT Sector, Som is responsible for ...

Technology Icons Of India 2023: Debjani Ghosh

Debjani Ghosh is the first woman president of NASSCOM (the umbrella bo...

 PARTNER SPEAKERS  EMINENT CIO'S OF INDIA

Creating a valuable and profitable long term business relationship to scale business growth

iValue is the center of the ecosystem, where it connects its channel partners ...

Arrow PC Network Empowering Businesses with Visionary Technology Solutions for a Brighter Future

Being in the IT Sector for more than 30 years, the Founder & MD of Arrow PC Ne...

How can organizations leverage digital technology to ideate, execute, and optimize marketing campaigns?

Marketers now leverage a wide range of AI-powered tools and digital engagement...

 PSU  Placeholder image

NPCI leading India towards Digital payments  

The National Payments Corporation of India (NPCI) is an initiative tak...

New defence PSUs will help India become self-reliant 

MIL, India’s biggest manufacturer and market leader is engaged in Pr...

STPI encouraging software exports from India  

Software Technology Parks of India (STPI) is an S&T organization under...

 VIDEOS  Placeholder image

 Top 25 Brands  Solution partners

Most Trusted Brands 2023 : Wipro Limited  

Wipro is a leader in innovation, and it has a strong track record of developin...

Most Trusted Brands 2023 : Microsoft Corporation (I) Pvt.Ltd   

Google is credited for electrifying the online world by creating the Web’s b...

Most Trusted Brands 2023 : Infosys Limited  

With 40+ years of service, Infosys enables clients with an AI-powered core, em...

 Value-Added Distribution  Value-Added Distribution

B D SOFTWARE

BD Software is the distributor of IT security solutions in India. The ...

INTEGRA MICRO SYSTEMS PVT. LTD.

Integra is a leading provider of innovative hi-technology products an...

TEXONIC INSTRUMENTS

Texonic has carved a niche for itself in the Technology Distribution i...

 ITFORUM 2024  
 WIITF 2024  
   
 CMO of the Year   Placeholder image
 WOMEN LEADERSHIP  Placeholder image
 EMINENT CIO's OF INDIA   Placeholder image
 TRENDS IN TECHNOLOGY  Placeholder image
MORE VIDEOS  Placeholder image
Brand Book
Brand Book
Brand Book
Brand Book
 ADVERTISEMENTS  Placeholder image
 TECHNOLOGY DISRUPTION Placeholder image

Headcount downsizes attributed largely due to increased automation

Headcount downsizes attributed largely due to increased automation

Storage is a key component of digital transformation

Storage is a key component of digital transformation

Apollo Hospitals partners with Google Cloud to boost India’s healthcare ecosystem

Apollo Hospitals partners with Google Cloud to boost India’s healthcare ecosystem

Microsoft adds new capability to Excel to handle scientific data better

Microsoft adds new capability to Excel to handle scientific data better

 UNICORNS REVOLUTIONISING Placeholder image

Info Edge (India) Limited

Info Edge (India) Limited

Mensa Brand Technologies Private Limited

Mensa Brand Technologies Private Limited

Think and Learn private limited

Think and Learn private limited

Chargebee Technologies Private Limited

Chargebee Technologies Private Limited


Copyright www.mybrandbook.co.in @1999-2024 - All rights reserved.
Reproduction in whole or in part in any form or medium without express written permission of Kalinga Digital Media Pvt. Ltd. is prohibited.
Other Initiatives : www.varindia.com | www.spoindia.org
ADMIRED BRANDS

AFTER MARKET SERVICES

CATEGORIES

DISTRIBUTORS & VADs
GOVERNMENT BODIES

INDUSTRY BODIES

MAKE IN INDIA

CONTACT US

SUBSCRIBE NOW