Category Archives: Exchange

Microsoft Azure vulnerability exposed thousands of cloud databases

Posted on by

Microsoft is warning customers of its Azure cloud platform about a software vulnerability that exposed data belonging to thousands of clients for roughly two years. The flaw would have allowed any Azure Cosmos DB user to read, write and delete another customer’s information without authorization, researchers found. Cosmos DB is used by thousands of organizations, including Coca Cola, Exxon Mobil and a number of other Fortune 500 companies. Microsoft has since resolved the issue, the company said. “We fixed this issue immediately to keep our customers safe and protected,” a Microsoft spokesperson told CyberScoop. There was no evidence that hackers or any other outsider exploited the vulnerability to access customer data, according to the company. Reuters first reported on the vulnerability, which was discovered by Wiz research team. Microsoft fixed the vulnerability within 48 hours of its disclosure on August 12, but that the vulnerability had been exploitable since mid-2019, […]

The post Microsoft Azure vulnerability exposed thousands of cloud databases appeared first on CyberScoop.

Continue reading Microsoft Azure vulnerability exposed thousands of cloud databases

Hackers seize severe Microsoft Exchange vulnerabilities in echo of widespread March attacks

Posted on by

A fresh wave of attacks against Microsoft Exchange has government cybersecurity officials on guard for a possible repeat of the chaos hackers rendered earlier this year by exploiting a different vulnerabilities in the popular workplace mail server. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an urgent warning Saturday that cybercriminals are actively exploiting months-old vulnerabilities in Microsoft’s ProxyShell. CISA recommended that customers update their systems using software patches that Microsoft released in May to address the vulnerabilities. National Security Agency Cybersecurity Director Rob Joyce also urged companies to patch against the vulnerabilities. Huntress Labs first reported the surge in attacks against unpatched Microsoft Exchange servers on Friday. Targeted organizations include “seafood processors, industrial machinery, auto repair shops, a small residential airport and more,”  Huntress Labs CEO Kyle Hanslovan tweeted. As of Sunday, the firm reported 164 total compromised servers. The trio of vulnerabilities can be used to […]

The post Hackers seize severe Microsoft Exchange vulnerabilities in echo of widespread March attacks appeared first on CyberScoop.

Continue reading Hackers seize severe Microsoft Exchange vulnerabilities in echo of widespread March attacks

ManageEngine ADSelfService Plus offers MFA for OWA and EAC to increase mailbox security

Posted on by

ManageEngine announced that ADSelfService Plus, its integrated Active Directory self-service password management and single sign-on solution, now offers multi-factor authentication (MFA) for Outlook on the Web (OWA) and Exchange admin center (EAC) logi… Continue reading ManageEngine ADSelfService Plus offers MFA for OWA and EAC to increase mailbox security

AppOmni’s platform protects companies against cloud and SaaS breaches

Posted on by

From ransomware to data breaches, global cybersecurity incidents against organizations, governments, and individuals are on the rise. There have been a multitude of attacks over the past year, from SolarWinds and Kaseya to the Microsoft Exchange attack… Continue reading AppOmni’s platform protects companies against cloud and SaaS breaches

Hoja de ruta estratégica para garantizar la seguridad de Exchange

Posted on by

Con el gran salto en la adopción de entornos de trabajo remotos, los ciberdelincuentes están centrando su atención en las vulnerabilidades de seguridad de estos entornos. Además, proteger las conexiones remotas es cada vez más difícil porque las técni… Continue reading Hoja de ruta estratégica para garantizar la seguridad de Exchange

Cyber Security Roundup for April 2021

Posted on by

  
A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, March 2021.

How not to disclosure a Hack
UK fashion retailer FatFace angered customers in its handli… Continue reading Cyber Security Roundup for April 2021

This Week in Security: APT Targeting Researchers, and Someone Watching All the Cameras

Posted on by

Microsoft’s Patch Tuesday just passed, and it’s a humdinger. To add the cherry on top, two seperate BSOD inducing issues led to Microsoft temporarily pulling the update.

Among the security vulnerabilities fixed is CVE-2021-26897, another remote code exploit in the …read more

Continue reading This Week in Security: APT Targeting Researchers, and Someone Watching All the Cameras

Exchange compromise affected company – should we 100% change administrator password?

Posted on by

We host exchange on premise (exchange 2013). We believe following MS’s guides and guidelines that we were compromised regarding the exchange zero days hack. We did find some .aspx files that did not appear to be from us in our inetpub di… Continue reading Exchange compromise affected company – should we 100% change administrator password?