Security News

Right now that means transitioning purely on-premises environments from Basic Authentication to Auth 2.0, also known as Modern Authentication, or Modern Auth. While this move is aimed at Exchange Server 2019, "Customers who have backend servers running Exchange Server 2016 CU23 are also supported for Modern auth," Microsoft's Exchange Team wrote this month.

Hackers exploited a Level Finance smart contract vulnerability to drain 214,000 LVL tokens from the decentralized exchange and swapped them for 3,345 BNB, worth approximately $1,100,000. While Level Finance said the attack did not affect its liquidity pool and the DAO treasury, and the exploit was isolated from all other contracts, the LVL token lost roughly 50% of its value immediately after the attack was made known.

The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including ransomware actors. The seized sites allowed users to anonymously convert cryptocurrency into harder-to-trace coins to obscure the money trace and help cybercriminals launder their pilfers without being traced by law enforcement.

Microsoft is investigating ongoing Microsoft 365 issues preventing some Exchange Online customers from accessing their mailboxes. According to outage monitoring platform Downdetector, thousands of Microsoft 365 report experiencing server connection and login issues, as well as when accessing their Outlook mailboxes.

Microsoft announced today that Client Access Rules deprecation in Exchange Online will be delayed by one year until September 2024. Microsoft 365 administrators can utilize CARs comprising priority values, exceptions, actions, and conditions to filter client access to Exchange Online using various factors.

Some Exchange Online users who have the RPS feature turned off by Microsoft can now have it re-enabled - at least until September when the tool is retired. Microsoft is moving all of its Exchange Online tenants from the legacy - and increasingly insecure - Remote PowerShell Protocol to the PowerShell v3 module.

Microsoft aims to make it impossible for unsupported and/or unpatched on-prem Microsoft Exchange servers to use the company's Exchange Online hosted cloud service to deliver email. Blocking potentially malicious emails from reaching Exchange Online.

New York law firm Heidell, Pittoni, Murphy and Bach has agreed to pay $200,000 to settle a data-breach lawsuit related to the now-notorious Hafnium Microsoft Exchange attacks that siphoned sensitive data from victims around the world. New York Attorney General Letitia James, who brought the lawsuit against the lawyers, blamed HPMB's poor data security practices for the privacy breach.

Microsoft is introducing a new Exchange Online security feature that will automatically start throttling and eventually block all emails sent from "Persistently vulnerable Exchange servers" 90 days after the admins are pinged to secure them.It will also be able to throttle and eventually block emails from Exchange servers that haven't been remediated before reaching Exchange Online mailboxes.

Microsoft has shared a fix for Outlook sign-in errors that iOS and Android users may encounter with mailboxes in some Exchange environments. "The error occurs in a hybrid Exchange environment, for mailboxes in on-premises Microsoft Exchange Server or Exchange Online," the company said in a support document released on Tuesday.