Archive | Security & Privacy

Did You Know? Zimbra Two-Factor Authentication!

Did you know that Zimbra 8.7 (now available!) has two-factor authentication (2FA) available? If you don’t know what 2FA is, it is an extra layer of security for your email account. With 2FA enabled, to log into your Zimbra account, you need your password and a code generated by your smartphone. Enabling 2FA is easy, […]

Continue Reading

Did You Know? Zimbra 8.7 is here!

Did you know that the long-awaited Zimbra 8.7 is now available? Click here to read more about the new features. The most exciting new feature for Zimbra end-users like you is Two-Factor Authentication (2FA). Zimbra 2FA protects your email security with an extra physical layer (something you possess). If you enable 2FA, you must have […]

Continue Reading

Security news – Zimbra ransomware written in python

Lawrence Abrams of Bleeping Computer has reported that there is a new ransomware variant, written in Python, that is targeting ZCS server data under /opt/zimbra/store/. Note: You might have read some articles about this issue, where the articles try to encourage the user to download software to remove a possible ransomware, usually this articles or pages are tools for Windows™ operating system […]

Continue Reading

Zimbra Collaboration 8.7 and Zimbra Desktop, 2FA and Password Lock

Zimbra wants to offer better Security on our products, so I’m thrilled to introduce two new features that Zimbra Desktop 7.2.8 brings to the public. Zimbra Desktop – Password Lock Starting with Zimbra Desktop 7.2.8, the end user can protect Zimbra Desktop with a password. You will find this new feature in Preferences > All […]

Continue Reading

Zimbra Collaboration 8.6 Patch 4 and previous (CWE-79, CVE-2015-7609) – XSS vulnerabilities

On December 22, 2015, we announced patch 5 for Zimbra Collaboration 8.6. Patch 5 contained fixes for eight security issues, including two cross-site scripting (XSS) vulnerabilities (assigned CVE-2015-7609) that were reported in October of 2015 by security researchers at Fortinet’s Fortiguard Labs. It was a pleasure working with one of the top security companies out there. If […]

Continue Reading

OpenSSL July 2015 Update

On July 9, 2015, OpenSSL issued a security update to correct an issue opened by its June update. Specifically, this issue relates to alternative chains certificate forgery (CVE-2015-1793), i.e. an ability to “cause certain checks on untrusted certificates to be bypassed, such as the CA flag, enabling them to use a valid leaf certificate to act […]

Continue Reading