Security News > 2021 > January > Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365

Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365
2021-01-13 00:41

Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 Exchange.

The company didn't elaborate on what type of certificate was compromised, but Mimecast offers seven different digital certificates based on the geographical location that must be uploaded to M365 to create a server Connection in Mimecast.

Mimecast is a cloud-based email management service for Microsoft Exchange and Microsoft Office 365, offers users email security and continuity platform to safeguard them from spam, malware, phishing, and targeted attacks.

The compromised certificate is used to verify and authenticate Mimecast Sync and Recover, Continuity Monitor, and Internal Email Protect products to M365 Exchange Web Services.

Mimecast on Tuesday formally confirmed that the attackers behind the SolarWinds hack were responsible for compromising a digital certificate the firm provided to secure connections to Microsoft 365 Exchange.

The credentials are used to establish connections from Mimecast tenants to on-premise and cloud services, such as LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/8SBSY6Y9KFE/hackers-steal-mimecast-certificate-used.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2820 161 4400