Archive | Security & Privacy

Recent Zimbra XXE / SSRF Vulnerability Disclosure

Hello Zimbra Friends, Background The Zimbra Security team has been working with security researcher An Trinh in advance of his recently-published blog post. In the blog, Trinh details his findings regarding a vulnerability which, if exploited, could allow an attacker to remotely execute code on an affected Zimbra system. To secure supported versions of Zimbra […]

Continue Reading 2

Want Data Sovereignty + Regional Regulation Peace of Mind?

Zimbra customers do. They want to… Host their own communications for improved confidentiality Have complete control over all settings Be able to customize the domain name of their messaging Our customers have always valued Zimbra’s security and privacy features. Now we are finding that more and more of our customers are choosing Zimbra for data […]

Continue Reading 0

Two Thirds of Fortune 500 Companies Miss The Mark On Email Security … Do You?

This week, Axios reported … Fortune 500 companies are doing … a lousy job at email security. 330 out of the Fortune 500 companies do not have computers set up to prevent sending fraudulent emails in a firm’s name. If these resource-rich companies have not implemented simple steps to beef up their email security, chances are that […]

Continue Reading 0

What is the Dark Tequila Threat?

Hello Zimbra Friends, This blog post is to update you on the Dark Tequila malicious campaign and its possible impact on Zimbra users. Dark Tequila is a complex, malicious campaign targeting Mexican users, with the primary purpose of stealing financial information and login credentials to popular websites (ranging from code versioning repositories to public file […]

Continue Reading 0

#EFAIL: Zimbra Not Affected

There has been active commentary about the “EFAIL” paper released May 14 by a German and Belgian research team that presented potential vulnerability in PGP and S/MIME encrypted emails. The Zimbra Security team has analyzed the paper and tested Zimbra for any exposure to the EFAIL attack patterns. The Results? Good news. Zimbra S/MIME solutions […]

Continue Reading 0

Zimbra Admin Alert … Potential “memcrashd” attack

Zimbra memcached may face the “memcrashd” attack on port 11211. By default, memcached listens on a server IP address that is accessible on the network and via the internet if there is no firewall. If your Zimbra memcache servers are behind a firewall, we recommend blocking access on port 11211 from the Internet to Zimbra […]

Continue Reading