Microsoft Exchange zero-day vulnerabilities affect an estimated 250,000 on-premise servers. The company is aware of attacks involving a single state-sponsored group that compromised less than ten organizations.
Internal emails reveal that leading furniture retailer IKEA is battling an ongoing campaign of phishing attacks, fueled by internal and vendor accounts that have already been compromised.
The best way to deal with a vulnerability is doing what you can to prevent them from happening in the first place. Oftentimes, cyber risk can be managed even through simple and basic security hygiene practices.
Microsoft Exchange Server’s Autodiscover Feature Leaked Credentials of Over 100,000 Users To Third-Party Untrusted Domains
Guardicore discovered that the Microsoft Exchange server’s Autodiscover feature design flaw leaked credentials of 100,000 users by trying to authenticate on untrusted third-party servers.
US & Intelligence Allies Formally Accuse Chinese State-Backed Hackers of the Microsoft Exchange Cyber Attacks, but Stop Short of Sanctions
The breach of the Microsoft Exchange email server software is estimated to have hit tens of thousands of victims. The Biden administration has formally declared that Chinese state-backed APT groups were behind the original cyber attacks.
ProxyLogon vulnerabilities can cause significant issues for affected companies. Fortunately, Microsoft offered several solutions for fixing these problems, even providing one for people lacking on-site security assistance.
CISA and Microsoft Warn of Chinese Hackers Exploiting Several Microsoft Exchange Mail Server Zero-Day Vulnerabilities
Microsoft says state-sponsored Chinese hackers exploited four Microsoft Exchange mail server zero-day vulnerabilities. CISA warned of potential widespread exploitation.