Microsoft Exchange

Pwned by the Mail Carrier

Pwned by the Mail Carrier

| | Active Directory, BloodHound, Microsoft Exchange, research, security-boundaries
How MS Exchange on-premises compromises Active Directory and what organizations can do to prevent that.At SpecterOps, we recommend our customers establish a security boundary around their most critical assets (i.e., Tier Zero) of ...
Posts By SpecterOps Team Members - Medium
DoD HQ, “The Pentagon”

DoD Email Breach: Pentagon Tells Victims 12 Months Late

| | Anurag Sen, azure, Azure cloud, Azure Government Cloud, Compliance Automation Platform for FedRAMP, data privacy PII, defense department, Department of Defense, devops in government, DevSecOps in Government, digital government, DoD, email, Federal Government, Federal Government Bids, FedRAMP, fedramp accreditation;, fedramp ato, fedramp certification, fedramp compliance, government, Microsoft Azure, Microsoft Azure Security, Microsoft Exchange, Microsoft Exchange Server, pentagon, pii, PII Leakage, SB Blogwatch, U.S. Department of Defense, United States Department of Defense, US DOD, USDoD, USSOCOM
3TB Email FAIL: Personal info of tens of thousands leaks. Microsoft cloud email server was missing a password ...
Security Boulevard
IoT Log4j Exchange ProxyLogon OT PKI IoT security

Log4j, ProxyLogon Top 2021 Exploitable Vulnerabilities List 

| | Apache Log4j, Application Security Vulnerabilities, iot, Microsoft Exchange, ProxyLogon
The Log4Shell vulnerability affecting Apache’s Log4j library and the ProxyLogon and ProxyShell vulnerabilities affecting Microsoft Exchange email servers topped the list of the most routinely exploited vulnerabilities in 2021. These threats were ...
Security Boulevard

Microsoft 365: Should Your Organization be Worried About Microsoft 365 Vulnerabilities?

| | Microsoft 365, Microsoft 365 security, Microsoft Exchange, Ransomware
Microsoft 365 hails as the lifeblood of most American (and global) small-medium sized enterprises. Since the wake of the Covid-19 pandemic, cybercriminals and hackers have seemed to up their illegal game by ...
Blog – Infocyte
NOBELIUM Demonstrates  Why Microsoft Is the Weakest Link

NOBELIUM Demonstrates  Why Microsoft Is the Weakest Link

| | azure, cyberattack, cybercrime, E5 License, Exploits, Lior Blog, Lior Div, Microsoft, microsoft defender, Microsoft Exchange, NOBELIUM, RansomOps, Ransomware, Russia, SolarWinds Attacks, Vulnerabilities, vulnerability
Microsoft platforms and products are ubiquitous. Government agencies and companies of all sizes and industries around the world rely on Microsoft software to get things done. They are also riddled with security ...
Blog
Microsoft Publishes Veiled Mea Culpa Disguised as Research

Microsoft Publishes Veiled Mea Culpa Disguised as Research

| | E5 License, EDR, endpoint detection and response, Endpoint Protection Platform, EPP, Exploits, Extended Detection and Response, Microsoft, Microsoft Exchange, Nation-state Attack, SolarWinds Attacks, Unified Endpoint Security, Vulnerabilities, vulnerability, XDR
The Microsoft Threat Intelligence Center (MSTIC) shared a report warning that NOBELIUM—the threat actor behind the SolarWinds attacks—is targeting delegated administrative privileges as part of a larger malicious campaign. Microsoft cautions that ...
Blog
Microsoft’s Failure to Prioritize Security Puts Everyone at Risk

Microsoft’s Failure to Prioritize Security Puts Everyone at Risk

| | Anti-Ransomware, antivirus, Cybereason Anti-Ransomware Solution, EDR, Endpoint Controls, endpoint detection and response, Endpoint Protection Platform, enterprise security, EPP, Exploits, Extended Detection and Response, Hafnium, Microsoft, microsoft defender, Microsoft Exchange, Microsoft Hypertext Markup Language, Network Security, Next Generation Antivirus, ngav, ProxyLogon, ProxyShell, SolarWinds Attacks, Unified Endpoint Security, Vulnerabilities, vulnerability
It has been a very busy year when it comes to Microsoft zero-day attacks. According to KrebsOnSecurity, May is the only month in 2021 that Microsoft didn’t release a patch to defend ...
Blog
1,460-Day Old Known Vulnerability Catches Microsoft Off Guard

1,460-Day Old Known Vulnerability Catches Microsoft Off Guard

| | AI, Artificial Intelligence, Azurescape, Cybereason Defense Platform, Cybereason XDR Platform, EDR, Endpoint Controls, endpoint detection and response, Endpoint Protection Platform, Exploits, Hafnium, Lior Blog, machine learning, Microsoft, Microsoft Exchange, Microsoft Hypertext Markup Language, MSHTML, Next Generation Antivirus, ngav, PrintNightmare, SolarWinds Attacks, Unified Endpoint Security, Vulnerabilities, vulnerability, XDR, zero-day
Vulnerabilities are a fact of life. I started my career in cybersecurity finding and exploiting those vulnerabilities to conduct nation-state offensive operations. I understand the simple reality that there is no such ...
Blog
Three Pillars of Infosec: Confidentiality, Integrity and Availability

Three Pillars of Infosec: Confidentiality, Integrity and Availability

| | Anti-Ransomware, CIA Triad, Confidentiality, Integrity and Availability, Cybereason Anti-Ransomware Solution, Cybersecurity, DeadRinger, Endpoint Controls, endpoint detection and response, Endpoint Protection Platform, Infosec, Microsoft Exchange, MITRE ATT&CK Framework, Next Generation Antivirus, Operation-Centric Security, Privacy, Ransomware, security, Unified Endpoint Security, zero trust
Resurgent data breaches that can be tied back to a failure to adhere to basic infosec principles have been an unpleasant surprise in a world of modern security frameworks and maturing processes, ...
Blog
Azurescape Vulnerability: More Evidence that  Microsoft Should Leave Security to the Experts

Azurescape Vulnerability: More Evidence that  Microsoft Should Leave Security to the Experts

| | Azurescape, cloud computing, Cybersecurity, EDR, Endpoint Controls, endpoint detection and response, Endpoint Protection Platform, EPP, Extended Detection and Response, Hafnium, Microsoft, Microsoft Exchange, Privilege Escalation, security, Software Security, SolarWinds Attacks, Unified Endpoint Security
It’s been a busy couple weeks for Microsoft—and not in a good way. Following the news that a configuration error left Azure cloud customer data exposed to potential compromise, and a security ...
Blog
Load more