Security News

We explain how two French researchers hacked the Google Titan security key product, and dig into the Mimecast certificate compromise story to see what we can all learn from it. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

Email security company Mimecast on Tuesday revealed that a sophisticated threat actor had obtained a certificate provided to certain customers. According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect, and Sync and Recover products with Microsoft 365 Exchange Web Services.

Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 Exchange. The company didn't elaborate on what type of certificate was compromised, but Mimecast offers seven different digital certificates based on the geographical location that must be uploaded to M365 to create a server Connection in Mimecast.

"First, if the stolen certificate was used for Mimecast customers to verify the validity of the servers their users' connect to, it would allow an attacker that was able to man-in-the middle the user to server connection to easily decrypt the encrypted data stream and access potentially sensitive information." Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, told Threatpost that attackers could also possibly disable Office 365's Mimecast protections altogether to make an email-borne attack more effective.

Email security company Mimecast has disclosed today that a "Sophisticated threat actor" compromised one of the certificates the company issues for customers to securely connect Microsoft 365 Exchange to their services. "Microsoft recently informed us that a Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor," Mimecast said earlier today.

Mimecast announced the appointment of Shahriar Rafimayeri as chief information officer. "Putting our customers first has always been one of Mimecast's core values," said Peter Bauer, chief executive officer at Mimecast.

Smartsheet announced Mimecast has selected Smartsheet to drive strategic enterprise initiatives across its organization, digitally transform its processes and better service its global customer base. "We turned to Smartsheet to give our teams the structure and scalability needed to execute on strategic initiatives that would enhance our customer experience and move our business forward."

Email and data security provider Mimecast on Thursday announced the acquisition of messaging security company MessageControl. The acquisition, Mimecast says, will strengthen its Email Security 3.0 strategy, which seeks to provide enhanced security at email perimeter and beyond, and within the enterprise.

Mimecast has acquired eTorch, a messaging security provider with solutions designed to help stop social engineering and human identity attacks with the use of machine learning technology. The acquisition of MessageControl strengthens Mimecast's Email Security 3.0 strategy that is designed to improve cybersecurity at the email perimeter, inside the organization and beyond the perimeter.

Security vendor Mimecast has released its fourth annual State of Email Security report for 2020. The report is filled with data about email security, but for those looking for action items Mimecast has provided a list of 10 takeaways that point out particular risks and provide IT security decision makers with some avenues to focus on in the coming months.