email-security
Safeguard articles tagged "email-security" — guides, analysis, and best practices for software supply chain and application security.
6 articles
Preventing SMTP injection vulnerabilities in email-sending code
A crafted From address turned PHPMailer into a remote code execution bug in 2016 — here's how header injection works and how to stop it.
CVE-2024-45519 Zimbra Unauth RCE Breakdown
A technical breakdown of CVE-2024-45519, the unauthenticated RCE in Zimbra's postjournal service, how it was exploited in the wild, and what defenders should take away.
How to set up SPF, DKIM, and DMARC for email security
A step-by-step guide to setting up SPF, DKIM, and DMARC records to stop email spoofing and secure your domain sending reputation.
Microsoft Breached by Midnight Blizzard: Russian Hackers Read Executive Emails
In January 2024, Microsoft disclosed that the Russian state-sponsored group Midnight Blizzard had been reading emails of senior executives and security team members since November 2023, using a password spray attack against a legacy test account.
Email Security and Supply Chain Phishing Attacks
Phishing remains the top initial access vector for supply chain attacks. Targeted emails against developers, maintainers, and DevOps engineers open the door to code injection, credential theft, and pipeline compromise.
Zimbra CVE-2022-37042: Authentication Bypass in a Widely Used Email Platform
CVE-2022-37042 allowed unauthenticated attackers to upload web shells to Zimbra email servers. Over 1,000 servers were compromised before most admins knew about it.