Security News

Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
2023-12-02 18:54

Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws. Internet scans from The ShadowServer Foundation show that there are close to 20,000 Microsoft Exchange servers currently reachable over the public internet that have reached the end-of-life stage.

Poloniex crypto-exchange offers 5% cut to thieves if they return that $120M they nicked
2023-11-10 18:51

The founder of the Poloniex has offered to pay off thieves who drained an estimated $120 million of user funds from the cryptocurrency exchange in a raid on Friday. "We are offering a five percent white hat bounty to the Poloniex hacker," Sun wrote.

New Microsoft Exchange zero-days allow RCE, data theft attacks
2023-11-03 15:14

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. ZDI-23-1578 - A remote code execution flaw in the 'ChainedSerializationBinder' class, where user data isn't adequately validated, allowing attackers to deserialize untrusted data.

Exchange Online mail delivery issues caused by anti-spam rules
2023-10-11 16:10

Microsoft is investigating Exchange Online mail delivery issues causing "Server busy" errors and delays when receiving emails from outside organizations. According to user reports online, the Exchange Online problems started this morning, affecting Microsoft 365 customers worldwide, across the Americas, Europe, and Asia.

Microsoft Exchange gets ‘better’ patch to mitigate critical bug
2023-10-10 20:03

The Exchange Team asked admins to deploy a new and "Better" patch for a critical Microsoft Exchange Server vulnerability initially addressed in August. Tracked as CVE-2023-21709 and patched during August 2023 Patch Tuesday, the security flaw enables unauthenticated attackers to escalate privileges on unpatched Exchange servers in low-complexity attacks that don't require user interaction.

Microsoft to start retiring Exchange Web Services in October 2026
2023-09-19 16:28

Microsoft said today that the Exchange Web Services API for Exchange Online and Office 365 will be retired in approximately three years. These resources can be retrieved from various sources, including Exchange Online, Exchange Online as part of Office 365, and on-premises editions of Exchange.

Microsoft adds HSTS support to Exchange Server 2016 and 2019
2023-08-29 16:19

Microsoft announced today that Exchange Server 2016 and 2019 now come with support for HTTP Strict Transport Security. Microsoft provides detailed information on configuring HSTS on Exchange Server 2016 and 2019 via PowerShell or the Internet Information Services Manager on its documentation website.

Microsoft will enable Exchange Extended Protection by default this fall
2023-08-28 19:20

Microsoft announced today that Windows Extended Protection will be enabled by default on servers running Exchange Server 2019 starting this fall after installing the 2023 H2 Cumulative Update. Extended Protection is a feature that strengthens Windows Server auth functionality to mitigate authentication relay or "Man in the middle" attacks.

US cyber safety board to analyze Microsoft Exchange hack of govt emails
2023-08-11 17:35

The Department of Homeland Security's Cyber Safety Review Board has announced plans to conduct an in-depth review of cloud security practices following recent Chinese hacks of Microsoft Exchange accounts used by US government agencies. In mid-July 2023, Microsoft reported that a Chinese hacking group tracked as 'Storm-0558' breached the email accounts of 25 organizations, including US and Western European government agencies, using forged authentication tokens from a stolen Microsoft consumer signing key.

Microsoft Exchange updates pulled after breaking non-English installs
2023-08-10 18:26

Microsoft has pulled Microsoft Exchange Server's August security updates from Windows Update after finding they break Exchange on non-English installs. [...]