Messaging Security

Cyber threat actors exploit Zimbra Collaboration Suite vulnerabilities (update)

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have published a joint security alert for multiple vulnerabilities against Zimbra Collaboration Suite (ZCS).

Microsoft November 2022 Security Updates addresses 65 vulnerabilities (6 zero-days to include ProxyNotShell)

The Microsoft November 2022 Security Updates includes patches and advisories for 65 vulnerabilities, including 6 zero-days and 10 Critical severity issues.

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities

Microsoft has released a new security update for two Microsoft Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) dubbed “ProxyNotShell” under limited targeted attacks in the wild.

Zoom patches XMPP vulnerability chain that could allow an attacker to compromise user over Zoom chat

Zoom recommends users upgrade their Zoom client to version 5.10.0 to fix an XMPP vulnerability chain that could enable an attacker to execute remote code and compromise another user over Zoom chat.