all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Email Security Flaw Found in the Wild

Add to bookmarks
Nov. 21, 2023, 12:05 p.m. | Bruce Schneier

Schneier on Security www.schneier.com

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world.


TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on Github. To ensure protection against these types of exploits, TAG urges users and organizations to keep software fully up-to-date and apply security updates as soon as they …

analysis authentication bug collaboration credentials cross site scripting data e-mail email email data email security email server exploiting fix flaw found google public security security flaw server steal tag threat threat analysis threat analysis group tokens vulnerabilities world zero-day zimbra

Visit resource

More from www.schneier.com / Schneier on Security

AI Voice Scam 7 hours ago | www.schneier.com
artificial intelligence bbc money scam +4
WhatsApp in India 1 day, 7 hours ago | www.schneier.com
courts encryption end end-to-end +5
Whale Song Code 2 days, 7 hours ago | www.schneier.com
basic broadcast code cold +18
Friday Squid Blogging: Searching for the Colossal Squid 4 days, 21 hours ago | www.schneier.com
blog blogging can cruise +7
Long Article on GM Spying on Its Cars’ Drivers 5 days, 7 hours ago | www.schneier.com
article cars companies data +10
The Rise of Large-Language-Model Optimization 6 days, 7 hours ago | www.schneier.com
artificial intelligence coming easy end +12
Dan Solove on Privacy Regulation 1 week ago | www.schneier.com
academic papers article consent dan +6
Microsoft and Security Incentives 1 week, 1 day ago | www.schneier.com
capabilities companies cyber cybersecurity +16
Using Legitimate GitHub URLs for Malware 1 week, 2 days ago | www.schneier.com
attack attacker attack vector can +25

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

EY- GDS- Cybersecurity- Staff

@ EY | Miguel Hidalgo, MX, 11520
View on infosec-jobs.com

Staff Security Operations Engineer

@ Workiva | Ames
View on infosec-jobs.com

Public Relations Senior Account Executive (B2B Tech/Cybersecurity/Enterprise)

@ Highwire Public Relations | Los Angeles, CA
View on infosec-jobs.com

Airbus Canada - Responsable Cyber sécurité produit / Product Cyber Security Responsible

@ Airbus | Mirabel
View on infosec-jobs.com

Investigations (OSINT) Manager

@ Logically | India
View on infosec-jobs.com

Security Engineer I, Offensive Security Penetration Testing

@ Amazon.com | US, NY, Virtual Location - New York
View on infosec-jobs.com
View more jobs