Tag Archives: email

Attackers exploit critical Zimbra vulnerability using cc’d email addresses

Attackers are actively exploiting a critical vulnerability in mail servers sold by Zimbra in an attempt to remotely execute malicious commands that install a backdoor, researchers warn. The vulnerability, tracked as CVE-2024-45519, resides in the Zimbra email and collaboration server used by medium and large organizations. When an admin manually changes default settings to enable… Read More »

Exim vulnerability affecting 1.5 million servers lets attackers attach malicious files

reader comments 3 More than 1.5 million email servers are vulnerable to attacks that can deliver executable attachments to user accounts, security researchers said. The servers run versions of the Exim mail transfer agent that are vulnerable to a critical vulnerability that came to light 10 days ago. Tracked as CVE-2024-39929 and carrying a severity… Read More »

Critical vulnerabilities in Exim threaten over 250k email servers worldwide

Getty Images reader comments 21 with Thousands of servers running the Exim mail transfer agent are vulnerable to potential attacks that exploit critical vulnerabilities, allowing remote execution of malicious code with little or no user interaction. The vulnerabilities were reported on Wednesday by Zero Day Initiative, but they largely escaped notice until Friday when they… Read More »

Typo leaks millions of US military emails to Mali web operator

reader comments 96 with Millions of US military emails have been misdirected to Mali through a “typo leak” that has exposed highly sensitive information, including diplomatic documents, tax returns, passwords, and the travel details of top officers. Despite repeated warnings over a decade, a steady flow of email traffic continues to the .ML domain, the… Read More »

Critical Barracuda 0-day was used to backdoor networks for 8 months

reader comments 15 with A critical vulnerability patched 10 days ago in widely used email software from IT security company Barracuda Networks has been under active exploitation since October. The vulnerability has been used to install multiple pieces of malware inside large organization networks and steal data, Barracuda said Tuesday. The software bug, tracked as… Read More »

Threat actors are using advanced malware to backdoor business-grade routers

reader comments 13 with Share this story Researchers have uncovered advanced malware that’s turning business-grade routers into attacker-controlled listening posts that can sniff email and steal files in an ongoing campaign hitting North and South America and Europe. Besides passively capturing IMAP, SMTP, and POP email, the malware also backdoors routers with a remote access… Read More »

Hackers can mess with HTTPS connections by sending data to your email server

reader comments 41 with 29 posters participating Share this story When you visit an HTTPS-protected website, your browser doesn’t exchange data with the webserver until it has ensured that the site’s digital certificate is valid. That prevents hackers with the ability to monitor or modify data passing between you and the site from obtaining authentication… Read More »