Security News

Lawyers cough up $200k after health data stolen in Microsoft Exchange pillaging
2023-03-27 22:45

New York law firm Heidell, Pittoni, Murphy and Bach has agreed to pay $200,000 to settle a data-breach lawsuit related to the now-notorious Hafnium Microsoft Exchange attacks that siphoned sensitive data from victims around the world. New York Attorney General Letitia James, who brought the lawsuit against the lawyers, blamed HPMB's poor data security practices for the privacy breach.

Exchange Online to block emails from vulnerable on-prem servers
2023-03-27 21:43

Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "Persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them.It will also be able to throttle and eventually block emails from Exchange servers that haven't been remediated before reaching Exchange Online mailboxes.

Microsoft shares fix for Outlook login errors in Exchange environments
2023-03-07 17:30

Microsoft has shared a fix for Outlook sign-in errors that iOS and Android users may encounter with mailboxes in some Exchange environments. "The error occurs in a hybrid Exchange environment, for mailboxes in on-premises Microsoft Exchange Server or Exchange Online," the company said in a support document released on Tuesday.

Microsoft Exchange Online outage blocks access to mailboxes worldwide
2023-03-01 19:02

Microsoft is investigating an ongoing outage blocking Exchange Online customers worldwide from accessing their mailboxes or sending/receiving emails. Affected users see "550 5.4.1 Recipient address rejected: Access denied" errors when trying to send or when receiving messages, starting today at 1:11 PM UTC. "We're investigating an issue wherein users may be unable to access their Exchange Online mailboxes via any connection method. Additional details can be found within the Service Health Dashboard under EX522020," Microsoft tweeted earlier today.

Microsoft Exchange admins advised to expand antivirus scanning
2023-02-27 12:30

After having stressed the importance of keeping Exchange servers updated last month, Microsoft is advising administrators to widen the scope of antivirus scanning on those servers. Microsoft Exchange servers in attackers' crosshairs.

Microsoft: For better security, scan more Exchange server objects
2023-02-26 09:00

Microsoft is recommending that Exchange server users scan certain objects for viruses and other threats that until now had been excluded. Microsoft late last month urged Exchange server users to make sure their systems are up-to-date with the latest Cumulative and Security updates and hardened against cyberattacks.

Microsoft urges Exchange admins to remove some antivirus exclusions
2023-02-23 21:59

Microsoft says admins should remove some previously recommended antivirus exclusions for Exchange servers to boost the servers' security. "Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues," the Exchange Team said.

Microsoft Exchange ProxyShell flaws exploited in new crypto-mining attack
2023-02-16 21:03

A new malware dubbed 'ProxyShellMiner' exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021.

Microsoft: Exchange Server 2013 reaches end of support in April
2023-02-14 19:30

Microsoft has reminded admins that Exchange Server 2013 is reaching its extended end-of-support date in 60 days, on April 11, 2023. The first version of Exchange Server 2013 was released in January 2013, and it reached its mainstream end date four years ago, in April 2018.

Guy accused of wrecking crypto exchange now hauled into court
2023-02-03 19:30

The man accused of bringing down decentralized crypto exchange Mango Markets through market manipulation has made his first appearance in court in connection with the theft of millions in cryptocurrency. Avraham Eisenberg was arrested in late December in Puerto Rico in relation to charges [PDF] filed by the US Securities and Exchange Commission, which allege he made off with more than $110 million in crypto "By artificially manipulating the price of certain perpetual futures contracts."