Archive | Security & Privacy

Half of All Email Systems will be Replaced in Two Years

Today, Zimbra announced the results of the Ponemon Institute’s “The Open Source Collaboration Study: Viewpoints on Security and Privacy in the U.S. and EMEA” report. Sponsored by Zimbra, the study surveyed 1,398 IT and IT security practitioners to learn about their companies’ involvement in the use of open source messaging and collaboration solutions, and their […]

Continue Reading

Zimbra Collaboration Updates (8.0.9 & 8.5.1)

Yesterday, Zimbra released updates to Zimbra Collaboration, both the 8.0.x and 8.5.x trees. Security These updates address the OpenSSL security advisory dated October 15 and provide a partial fix for POODLE (due to the need for both client and server changes). Zimbra Collaboration 8.0.9 and 8.5.1 update the OpenSSL libraries for nginx, OpenLDAP and Postfix […]

Continue Reading

POODLE and SSLv3

This week has brought about the latest security vulnerability. Google’s Thai Duong, Krzysztof Kotowicz, and Bodo Möller made the vulnerability — POODLE (Padding Oracle On Downgraded Legacy Encryption) — public on Tuesday, October 14, 2014. POODLE is a padding oracle attack affecting Secure Sockets Layer (SSL) version 3 and in particular, CBC-mode ciphers. This vulnerability […]

Continue Reading

The Shellshock Flaw

***Security Alert*** [Update 2 | September 30, 2014, 9:10am CST] Apple has released at update. [Update 1 | September 26, 2014, 11:40am CST] Red Hat has released a full patch. [Original Post | September 25, 2014, 1:45pm CST] Zimbra is aware and has been closely monitoring the developments of the Shellshock vulnerability. At this time, […]

Continue Reading

Forums.zimbra.com Incident and Resolution

On Sunday, August 31, Zimbra’s information security and technology team noticed unusual activity on the Zimbra vBulletin forum on Zimbra.com. We immediately took steps to limit the impact of the malicious activity. This did not affect customer, partner or employee data. This was not a breach of Zimbra products. Immediate action was taken to ensure […]

Continue Reading

Microsoft Ruling a Setback to Data Privacy?

For any organization that relies on cloud-based email, there is an important legal decision that may affect your company’s data privacy. In the most recent round of judgment against Microsoft, there are noteworthy remarks from US District Judge Loretta Preska and lawyers for the US Justice Department. “It is a question of control, not a […]

Continue Reading