Safeguard
Tag

email-security

Safeguard articles tagged "email-security" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Application Security

Preventing SMTP injection vulnerabilities in email-sending code

A crafted From address turned PHPMailer into a remote code execution bug in 2016 — here's how header injection works and how to stop it.

Jul 13, 20266 min read
Vulnerability Analysis

CVE-2024-45519 Zimbra Unauth RCE Breakdown

A technical breakdown of CVE-2024-45519, the unauthenticated RCE in Zimbra's postjournal service, how it was exploited in the wild, and what defenders should take away.

Feb 25, 20267 min read
Industry Analysis

How to set up SPF, DKIM, and DMARC for email security

A step-by-step guide to setting up SPF, DKIM, and DMARC records to stop email spoofing and secure your domain sending reputation.

Feb 7, 20268 min read
Incident Analysis

Microsoft Breached by Midnight Blizzard: Russian Hackers Read Executive Emails

In January 2024, Microsoft disclosed that the Russian state-sponsored group Midnight Blizzard had been reading emails of senior executives and security team members since November 2023, using a password spray attack against a legacy test account.

Jan 19, 20247 min read
Social Engineering

Email Security and Supply Chain Phishing Attacks

Phishing remains the top initial access vector for supply chain attacks. Targeted emails against developers, maintainers, and DevOps engineers open the door to code injection, credential theft, and pipeline compromise.

Mar 8, 20236 min read
Zero-Day Exploits

Zimbra CVE-2022-37042: Authentication Bypass in a Widely Used Email Platform

CVE-2022-37042 allowed unauthenticated attackers to upload web shells to Zimbra email servers. Over 1,000 servers were compromised before most admins knew about it.

Aug 10, 20226 min read
email-security — Safeguard Blog