Security News

Microsoft to start retiring Exchange Web Services in October 2026
2023-09-19 16:28

Microsoft said today that the Exchange Web Services API for Exchange Online and Office 365 will be retired in approximately three years. These resources can be retrieved from various sources, including Exchange Online, Exchange Online as part of Office 365, and on-premises editions of Exchange.

Microsoft adds HSTS support to Exchange Server 2016 and 2019
2023-08-29 16:19

Microsoft announced today that Exchange Server 2016 and 2019 now come with support for HTTP Strict Transport Security. Microsoft provides detailed information on configuring HSTS on Exchange Server 2016 and 2019 via PowerShell or the Internet Information Services Manager on its documentation website.

Microsoft will enable Exchange Extended Protection by default this fall
2023-08-28 19:20

Microsoft announced today that Windows Extended Protection will be enabled by default on servers running Exchange Server 2019 starting this fall after installing the 2023 H2 Cumulative Update. Extended Protection is a feature that strengthens Windows Server auth functionality to mitigate authentication relay or "Man in the middle" attacks.

US cyber safety board to analyze Microsoft Exchange hack of govt emails
2023-08-11 17:35

The Department of Homeland Security's Cyber Safety Review Board has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies. In mid-July 2023, Microsoft reported that a Chinese hacking group tracked as 'Storm-0558' breached the email accounts of 25 organizations, including US and Western European government agencies, using forged authentication tokens from a stolen Microsoft consumer signing key.

Microsoft Exchange updates pulled after breaking non-English installs
2023-08-10 18:26

Microsoft has pulled Microsoft Exchange Server's August security updates from Windows Update after finding they break Exchange on non-English installs. [...]

Product showcase: Stellar Toolkit for Exchange – Restore Exchange Database
2023-07-26 04:00

Though Exchange recovery is possible with the native tools, Exchange Administrators would face long hours of downtime. To come out of such sticky situations, you can bank on specialized third-party software, like Stellar Toolkit for Exchange, that can help in repairing and recovering corrupt databases after Exchange failure or any other issue.

Microsoft Exchange servers compromised by Turla APT
2023-07-20 12:05

Turla has been targeting defense sector organizations in Ukraine and Eastern Europe with DeliveryCheck and Kazuar backdoors / infostealers and has been using compromised Microsoft Exchange servers to control them. Turla APT. Turla is a sophisticated and persistent APT group that has been active for over 10 years and is believed to be sponsored by the Russian state.

Microsoft: Hackers turn Exchange servers into malware control centers
2023-07-19 19:06

Microsoft and the Ukraine CERT warn of new attacks by the Russian state-sponsored Turla hacking group, targeting the defense industry and Microsoft Exchange servers with a new 'DeliveryCheck' malware backdoor. The cyberspies have been associated with a wide array of attacks against Western interests over the years, including the Snake cyber-espionage malware botnet that was recently disrupted in an international law enforcement operation titled Operation MEDUSA. In a coordinated report and Twitter thread published today by CERT-UA and Microsoft, researchers outline a new attack where the Turla threat actors target the defense sector in Ukraine and Eastern Europe.

Microsoft expands access to cloud logging data for free after Exchange hacks
2023-07-19 15:39

Microsoft is expanding access to additional cloud logging data for customers worldwide at no additional cost, allowing easier detection of breached networks and accounts.This wider availability comes after Chinese hackers stole a Microsoft signing key that allowed them to breach corporate and government Microsoft Exchange and Microsoft 365 accounts to steal email.

Microsoft Exchange Online hit by new outage blocking emails
2023-07-18 09:06

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.