Email Security Flaw Found in the Wild

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world.

TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on Github. To ensure protection against these types of exploits, TAG urges users and organizations to keep software fully up-to-date and apply security updates as soon as they …

analysis authentication bug collaboration credentials cross site scripting data e-mail email email data email security email server exploiting fix flaw found google public security security flaw server steal tag threat threat analysis threat analysis group tokens vulnerabilities world zero-day zimbra