Archive | Security & Privacy

Patch for Zimbra Daffodil 10.0.2, 9.0.0 Patch-34 & 8.8.15 Patch-41

Security bug fixes and OpenSSL upgrade Zimbra OpenSSL now runs in FIPS-compliant mode by default. This increases security which requires no additional action on your part. However, should you run into issues, you can find steps to disable OpenSSL FIPS in the release notes. This patch upgrades OpenSSL to major version 3.0.x. To safeguard your […]

Continue Reading

Security Update for Zimbra Collaboration Suite Version 8.8.15 CVE-2023-37580

An XSS vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced. We take this matter very seriously and have already taken immediate action to address the issue. Important: This vulnerability has been actively exploited, making it imperative to take immediate action. We strongly recommend […]

Continue Reading

When your security scanner alerts for jspawnhelper in Zimbra

Many administrators rely on third-party security scanners such as Crowdstrike Falcon to analyze their Zimbra server for malicious activity. One process that is frequently reported is jspawnhelper. What is jspawnhelper? While this is not very well documented, jspawnhelper can be run as the result of a call to ProcessBuilder.start() or Runtime.exec() in a java application. […]

Continue Reading

New phishing attacks may use .zip, .mov and other new Internet domains

Beware of fraudulent activities using the newly launched .zip and .mov top-level domains. Phishing attacks have already targeted well-known brands like Microsoft and Okta. Apart from phishing, the new .zip and .mov TLDs have also been used for various malicious purposes like hosting zip bombs, redirecting to YouTube videos, and offering file compression services. Here […]

Continue Reading

Patch for Zimbra Daffodil 10.0.1, 9.0.0 Patch-33 & 8.8.15 Patch-40

Cases of Compromised Servers are still a concern for 9.0.0 and 8.8.15 servers It has come to our attention that compromised systems are still prevalent and have not been adequately cleaned. Proactive security measures is essential for the long-term success of your organization. To safeguard your system, we recommend you always upgrade to the latest […]

Continue Reading

Copyright © 2022 Zimbra, Inc. All rights reserved.

All information contained in this blog is intended for informational purposes only. Synacor, Inc. is not responsible or liable in any manner for the use or misuse of any technical content provided herein. No specific or implied warranty is provided in association with the information or application of the information provided herein, including, but not limited to, use, misuse or distribution of such information by any user. The user assumes any and all risk pertaining to the use or distribution in any form of any subject matter contained in this blog.

Legal Information | Privacy Policy | Do Not Sell My Personal Information | CCPA Disclosures