Hacked by SolarWinds backdoor masterminds, Mimecast now lays off staff after profit surge
Email security biz Mimecast not only fell victim to the SolarWinds hackers, leading to its own customers being attacked, it is also trimming its workforce amid healthy profits.
Last month Mimecast revealed that one of its cryptographic certificates was purloined by the same team that smuggled a hidden backdoor into SolarWinds' Orion network monitoring software.
Mimecast offers security services that plug into Microsoft 365 accounts, and someone with that certificate could therefore tap into Mimecast-Microsoft customer connections and steal information.
If you have one of the following with firmware 10.x, you need to apply a security update: SMA 200, SMA 210, SMA 400, or SMA 410 physical boxes, or a virtual SMA 500v system on Azure, AWS, ESXi, or Hyper-V. The biz said it was alerted to the hole by security shop NCC Group on January 31.
The research wing of the US military, DARPA, has released the results of its reward program for vulnerability finders, dubbed the Finding Exploits to Thwart Tampering Bug Bounty, or FETT. One goal of FETT was to check the effectiveness of DARPA's System Security Integration Through Hardware and Firmware project, using a mix of their own penetration testers and independents from security org Synack.
The results weren't great: more than half of teachers haven't had any computer security training, and 60 per cent of all staff weren't aware of security alerts about remote learning.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/07/in_brief_security/