Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The vulnerability, tracked as CVE-2024-45519, resides in the Zimbra email and collaboration server used by medium and large organizations. When an admin manually changes default settings to enable the postjournal service, attackers can execute commands by sending maliciously formed emails to an address hosted on the server.
Attackers Exploit Critical Zimbra Vulnerability Using Cc’d Email Addresses
Dan Goodin, Ars Technica
Wed, 10/02/2024 - 2:50pm
BING NEWS:
- Thousands of Zimbra servers attacked following email account compromise
A critical vulnerability ... “cc” fields - since researchers from Proofpoint advised Zimbra users to look for malformed, or otherwise suspicious strings, in these fields in incoming email ...
10/4/2024 - 2:26 am | View Link - 'Patch yesterday': Zimbra mail servers under siege through RCE vuln
"Patch yesterday" is the advice from infosec researchers as the latest critical vulnerability ... email addresses, CC fields are populated with base64 strings, which are then parsed and executed ...
10/2/2024 - 12:02 am | View Link - More
Welcome to Wopular
Wopular is an
online newspaper rack,
giving you a summary view of the top headlines from the top news sites.
Senh Duong (Founder)
Wopular,
MWB,
RottenTomatoes
MoviesWithButter : Our Sister Site
- "Expendables 4" Starts Shooting This Fall, Says Randy Couture at the Arnold Sports Festival more
- “Expendables 4” Gets Funding Interest from “Ip Man 3” Financier more
- "Ip Man 3" Distributor Suspected of Box Office Fraud, Parent Company Loses $200M in Market Cap more
- Yen Targets "Ip Man 4" for 2018 Release; Discusses Film with Director, Producer more
- "Ip Man 3" Shatters Expectations with $72M Opening [China Box Office] more