Security News

The U.S. Treasury Department's Office of Foreign Assets Control has sanctioned three cryptocurrency exchanges for working with OFAC-designated Russian dark web markets and banks. The first, Bitpapa IC FZC LLC, is a peer-to-peer virtual currency exchange that caters to Russian nationals and has facilitated millions of dollars in transactions with two OFAC-designated Russian entities, Hydra Market and Garantex.

Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. Exchange ActiveSync is a synchronization protocol used by Microsoft Exchange to allow users to access their email, calendar, contacts, and tasks.

Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. Currently, 28,500 servers have been identified as being vulnerable.

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as...

Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. "The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf."

Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update.Extended Protection will automatically be toggled on by default when installing Exchange Server 2019 CU14 to strengthen Windows Server auth functionality to mitigate authentication relay and man-in-the-middle attacks.

Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update."After updating to Version 2401 Build 17231.20182 Outlook stops connecting when using the Exchange ActiveSync protocol," Microsoft said.

On January 12, 2024, Microsoft discovered that Russian hackers breached its systems in November 2023 and stole email from their leadership, cybersecurity, and legal teams.Microsoft now explains that the threat actors used residential proxies and "Password spraying" brute-force attacks to target a small number of accounts, with one of these accounts being a "Legacy, non-production test tenant account."

In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It’s the lifeblood of any organization in today's interconnected and digital world. Thus,...

Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. "Per the Exchange Server 2019 lifecycle, Exchange Server 2019 is now in Extended support. But, as we said last November, a lot more is coming for Exchange Server 2019," said Microsoft Exchange Product Marketing Manager Scott Schnoll on Monday.