Messaging Security Archives

Rackspace suffers from security incident involving Hosted Exchange services

Cybersecurity Attacks, Data Breach, Messaging Security, Vulnerabilities & Exploits / By Frank Crast / December 4, 2022 / Exchange, Microsoft, Office365, ProxyNotShell, Rackspace, Zeroday

Cloud computing services company Rackspace has reported a security incident involving Hosted Exchange services.

Researchers warn shoppers to beware of Black Friday hacker scams

Messaging Security, Phishing, Social Engineering / By Frank Crast / November 20, 2022 / Black Friday, Check Point, Cyberscam, phishing

Researchers from Check Point Research are warning shoppers to beware of Black Friday hacker “holiday special” scams.

Cyber threat actors exploit Zimbra Collaboration Suite vulnerabilities (update)

Cybersecurity Attacks, Messaging Security, Vulnerabilities & Exploits / By Frank Crast / November 12, 2022 / CVE-2022-24682, CVE-2022-27924, CVE-2022-27925, CVE-2022-30333, CVE-2022-37042, Exploit, Vulnerabilities, ZCS, Zimbra, Zimbra Collaboration Suite

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have published a joint security alert for multiple vulnerabilities against Zimbra Collaboration Suite (ZCS).

Microsoft November 2022 Security Updates addresses 65 vulnerabilities (6 zero-days to include ProxyNotShell)

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / November 11, 2022 / CVE-2022-3602, CVE-2022-3786, CVE-2022-41040, CVE-2022-41073, CVE-2022-41082, CVE-2022-41091, CVE-2022-41125, CVE-2022-41128, Exchange, ProxyNotShell

The Microsoft November 2022 Security Updates includes patches and advisories for 65 vulnerabilities, including 6 zero-days and 10 Critical severity issues.

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks

Authentication, Cybersecurity Attacks, Messaging Security / By Frank Crast / October 7, 2022 / authentication, basic auth, EAS, EWS, Exchange, Exchange Online, IMAP, Microsoft, Oauth, OAuth 2.0, Outlook, POP, RPS, SMTP

Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / October 1, 2022 / CVE-2022-41040, CVE-2022-41082, Exchange, Exchange Server 2019, IIS, Microsoft, PowerSHell, ProxyNotShell, Vulnerabilities, Zero-day

Microsoft has released a new security update for two Microsoft Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) dubbed “ProxyNotShell” under limited targeted attacks in the wild.

Messaging Security

Rackspace suffers from security incident involving Hosted Exchange services

Cyber threat actors exploit Zimbra Collaboration Suite vulnerabilities (update)

Microsoft November 2022 Security Updates addresses 65 vulnerabilities (6 zero-days to include ProxyNotShell)

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities

Zoom patches XMPP vulnerability chain that could allow an attacker to compromise user over Zoom chat

NIST SP 800-47 Rev. 1: Managing the Security of Information Exchanges

Justice Department seizes domains used in Nobelium spear-phishing attacks