email server | Breaking Cybersecurity News | The Hacker News

A severe remote code execution vulnerability in Zimbra's enterprise collaboration software and email platform is being actively exploited, with no patch currently available to remediate the issue. The shortcoming, assigned  CVE-2022-41352 , carries a critical-severity rating of CVSS 9.8, providing a pathway for attackers to upload arbitrary files and carry out malicious actions on affected installations. "The vulnerability is due to the method ( cpio ) in which Zimbra's antivirus engine ( Amavis ) scans inbound emails," cybersecurity firm Rapid7  said  in an analysis published this week. The issue is said to have been abused since early September 2022, according to  details  shared on Zimbra forums. While a fix is yet to be released, the software services company is urging users to install the "pax" utility and restart the Zimbra services. "If the  pax package  is not installed, Amavis will fall-back to using cpio, unfortunately the fall-back is i

A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a report shared with The Hacker News. "The vulnerability exists in the default configuration and can be exploited with no knowledge of a targeted Horde instance." The issue, which has been assigned the CVE identifier  CVE-2022-30287 , was reported to the vendor on February 2, 2022. The maintainers of the Horde Project did not immediately respond to a request for comment regarding the unresolved vulnerability. At its core, the issue makes it possible for an authenticated user of a Horde instance to run malicious code on the underlying server by taking advantage of a quirk in how the client

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up.  According to the latest reports , cybercriminals are leveraging the heavily exploited ProxyLogon Exchange Server flaws to install a new strain of ransomware called "DearCry." "Microsoft observed a new family of human operated ransomware attack customers – detected as Ransom:Win32/DoejoCrypt.A," Microsoft researcher Phillip Misner  tweeted . "Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers." Microsoft's security intelligence team, in a separate tweet,  confirmed  that it has begun "blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers.&q

OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD , also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers. It was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems. Discovered by experts at Qualys Research Labs, who also reported a similar RCE flaw in the email server application last month, the latest out-of-bounds read issue, tracked as  CVE-2020-8794 , resides in a component of the OpenSMTPD's client-side code that was introduced nearly 5 years ago. Just like the previous issue, which attackers started exploiting in the wild just a day after its public disclosure, the new OpenSMTPD flaw could also let remote hackers execute arbit

Cybersecurity researchers have discovered a new critical vulnerability ( CVE-2020-7247 ) in the OpenSMTPD email server that could allow remote attackers to take complete control over BSD and many Linux based servers. OpenSMTPD is an open-source implementation of the server-side SMTP protocol that was initially developed as part of the OpenBSD project but now comes pre-installed on many UNIX-based systems. According to Qualys Research Labs, who discovered this vulnerability, the issue resides in the OpenSMTPD's sender address validation function, called smtp_mailaddr(), which can be exploited to execute arbitrary shell commands with elevated root privileges on a vulnerable server just by sending specially crafted SMTP messages to it. The flaw affects OpenBSD version 6.6 and works against the default configuration for both, the locally enabled interface as well as remotely if the daemon has been enabled to listen on all interfaces and accepts external mail. "Exploit

A critical remote code execution vulnerability has been discovered in the popular open-source Exim email server software, leaving at least over half a million email servers vulnerable to remote hackers. Exim maintainers today released Exim version 4.92.2 after publishing an early warning two days ago, giving system administrators a heads-up on its upcoming security patches that affect all versions of the email server software up to and including then-latest 4.92.1. Exim is a widely used, open source mail transfer agent (MTA) software developed for Unix-like operating systems such as Linux, Mac OSX or Solaris, which runs almost 60% of the internet's email servers today for routing, delivering and receiving email messages. Tracked as CVE-2019-15846 , the security vulnerability only affects Exim servers that accept TLS connections, potentially allowing attackers to gain root-level access to the system "by sending an SNI ending in a backslash-null sequence during the ini

What could be more frightening than a service informing you that all your data is gone—every file and every backup servers are entirely wiped out? The worst nightmare of its kind. Right? But that's precisely what just happened this week with VFEmail.net, a US-based secure email provider that lost all data and backup files for its users after unknown hackers destroyed its entire U.S. infrastructure, wiping out almost two decades' worth of data and backups in a matter of few hours for no apparent reason. Started in 2001 by Rick Romero, VFEmail provides secure, private email services to companies and end users, both free and paid-for. Describing the attack as "catastrophic," the privacy-focused email service provider revealed that the attack took place on February 11 and that "all data" on their US servers—both the primary and the backup systems—has been completely wiped out, and it's seemingly beyond recovery. "Yes, @VFEmail is effectivel

When Hillary Clinton's private email server was hacked earlier this year, she was criticized for her bad security practices that exposed top secret documents stored in emails on that private server. The FBI called her behavior 'extremely careless.' Republican presidential candidate Donald Trump and his supporters are continuously criticizing Clinton's use of a private email server. And here's what Trump lectured in a debate about cybersecurity: "The security aspect of cyber is very, very tough. And maybe it's hardly doable. But I will say, we are not doing the job we should be doing. But that's true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly, cyber is one of them." Forget Clinton; Trump has so worryingly insecure internet setup that anyone with little knowledge of computers can expose almost everything about Trump and his campaign. Security researcher Kevin Beaumont,