Security News

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as...

Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. "The leaked credentials can then be relayed against the Exchange server to gain privileges as the victim client and to perform operations on the Exchange server on the victim's behalf."

Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update.Extended Protection will automatically be toggled on by default when installing Exchange Server 2019 CU14 to strengthen Windows Server auth functionality to mitigate authentication relay and man-in-the-middle attacks.

Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update."After updating to Version 2401 Build 17231.20182 Outlook stops connecting when using the Exchange ActiveSync protocol," Microsoft said.

On January 12, 2024, Microsoft discovered that Russian hackers breached its systems in November 2023 and stole email from their leadership, cybersecurity, and legal teams.Microsoft now explains that the threat actors used residential proxies and "Password spraying" brute-force attacks to target a small number of accounts, with one of these accounts being a "Legacy, non-production test tenant account."

In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It’s the lifeblood of any organization in today's interconnected and digital world. Thus,...

Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. "Per the Exchange Server 2019 lifecycle, Exchange Server 2019 is now in Extended support. But, as we said last November, a lot more is coming for Exchange Server 2019," said Microsoft Exchange Product Marketing Manager Scott Schnoll on Monday.

A Verato survey offers perspectives on the data management strategies of healthcare executives, highlighting the crucial role of Healthcare Master Data Management in addressing key gaps, facilitating seamless data exchange, and aligning with the mandates of the 21st Century Cures Act. The 21st Century Cures Act set standards for the secure and frictionless exchange of data among payers, providers and consumers, including the establishment of an information-blocking rule that was finalized earlier this year.

Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022. The two affected companies are Nirvana Finance, a decentralized crypto exchange, and an unnamed exchange on the Solana blockchain platform that Ahmed hacked using his blockchain audit and smart contract reverse engineering skills.

With its innovative feature for generating reliable Vulnerability Exploitability eXchange documents, Kubescape became the first open-source project to provide this functionality. Vulnerability Exploitability eXchange is a standard that facilitates the sharing and analyzing of information about vulnerabilities and their potential for exploitation.