Business productivity suite Zimbra is urging administrators to ensure the latest security updates have been added to their systems, as the company fixed a security vulnerability in September.
The security vulnerability in Zimbra’s postjournal service may allow unauthenticated users to execute commands, the company said in a Thursday (Oct. 3) blog post. It’s been dubbed “CVE-2024-45519.”
The patch for this vulnerability was published in early September but various security websites have recently disclosed the vulnerability, according to the post.
“Zimbra administrators are strongly urged to ensure your system is up-to-date with the latest security updates,” the company said in the post. “Keeping Zimbra updated is crucial to protect against known vulnerabilities and maintain a secure environment.”
The company also advised administrators to visit Zimbra_Releases, check the Zimbra Security Center and set up RSS feed notifications to stay informed about security alerts.
“Keeping your Zimbra system secure is as simple as regularly applying the latest patches — don’t wait to update,” the company said in the post.
In its Sept. 4 blog post announcing the patch release, Zimbra said that it addressed and resolved multiple security issues related to cross-site scripting (XSS). The company rated both the patch security severity and the deployment risk as medium.
The FBI reported in April that losses to cybercrime leapt 22% in 2023 compared to the previous year, with American consumers and business owners losing a record $12.5 billion to online scammers.
The agency also said the number of complaints it received about online crime rose 10% last year, reaching a record total of 880,000.
The greatest losses reported to the FBI were due to online investment scams; bogus business emails involving fraudsters compromising legitimate business accounts and tricking unsuspecting consumers into sending money, sensitive data or both; and tech support scams.
Sixty-two percent of executives at large banks reported increases in financial crime over the previous year, according to the PYMNTS Intelligence and Featurespace collaboration, “The State of Fraud and Financial Crime in the U.S.”
The report also found that 25% of these executives perceive the new sophistication of fraud as a barrier to data security.