Archive | Security & Privacy

The Shellshock Flaw

***Security Alert*** [Update 2 | September 30, 2014, 9:10am CST] Apple has released at update. [Update 1 | September 26, 2014, 11:40am CST] Red Hat has released a full patch. [Original Post | September 25, 2014, 1:45pm CST] Zimbra is aware and has been closely monitoring the developments of the Shellshock vulnerability. At this time, […]

Continue Reading

Forums.zimbra.com Incident and Resolution

On Sunday, August 31, Zimbra’s information security and technology team noticed unusual activity on the Zimbra vBulletin forum on Zimbra.com. We immediately took steps to limit the impact of the malicious activity. This did not affect customer, partner or employee data. This was not a breach of Zimbra products. Immediate action was taken to ensure […]

Continue Reading

Microsoft Ruling a Setback to Data Privacy?

For any organization that relies on cloud-based email, there is an important legal decision that may affect your company’s data privacy. In the most recent round of judgment against Microsoft, there are noteworthy remarks from US District Judge Loretta Preska and lawyers for the US Justice Department. “It is a question of control, not a […]

Continue Reading

Security Advisory on CCS Injection Vulnerability

On June 5, 2014 the OpenSSL project released a security advisory. CVE-2014-0224 can allow for a man-in-the-middle (MITM) attack to be carried out between a vulnerable client and vulnerable server. According to OpenSSL, an attacker using a carefully crafted handshake can force the use of weak keying material in OpenSSL SSL/TLS clients and servers. This can be exploited […]

Continue Reading

Important Read – Critical Security Advisory & Patch for OpenSSL Heartbleed Vulnerability

On April 7, the OpenSSL project issued a Security Advisory that detailed a serious vulnerability in the encryption software in use by two-thirds of the Internet. This vulnerability (nicknamed “Heartbleed”) could potentially allow attackers to retrieve information from encrypted SSL endpoints, including passwords and other credential information. Learn more about the “Heartbleed” security threat from […]

Continue Reading