Attacks linked to a Chinese threat actor have exploited a Zimbra’s zero-day vulnerability and are stealing emails linked to European government and media.
Researchers say that at the time of writing the exploit has no available patch.
Zimbra says that more than 200,000 businesses from over 140 countries are using its software, including over 1,000 government and financial organizations.
The vulnerability allows attackers to perform a number of malicious actions. These include exfiltrating cookies to allow persistent access to a mailbox, sending phishing messages to the user’s contacts and displaying prompt to download malware from trusted websites.
 
The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY
Follow Us
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
This site uses functional cookies and external scripts to improve your experience.
Privacy settings
Privacy Settings / PENDING
This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.
NOTE: These settings will only apply to the browser and device you are currently using.
GDPR Compliance

source

You May Also Like

Fraudsters abuse Twitter APIs to monitor public tweets and pish cryptocurrency scams

Fraudsters use bots to monitor Tweets requesting support to MetaMask, TrustWallet, and…

Most Inspiring Women in Cyber 2021: Rea James, Global Cyber Strategic Threat Intelligence Lead at Vodafone

The IT Security Guru’s Most Inspiring Women in Cyber Awards aims to…