Microsoft’s 365 Defender Research Team recently investigated an attack in which malicious OAuth applications were deployed on compromised cloud tenants. Initial Access The attacker first needed to compromise a cloud user’s account that had sufficient permissions in order to create a malicious OAuth application. The threat actor did this by launching credential-stuffing attacks against high-risk [...]
In response to the recent targeting of critical infrastructure in the US and abroad, the Cybersecurity and Infrastructure Security Agency (CISA) urges network and security administrators to prepare and immediately mitigate potential cyber threats with the following measures. Implement and apply backup and recovery policies and procedures: Maintain offline backups of dataRegularly test backup and restorationEnsure all backup [...]
Microsoft Security Threat Intelligence has been tracking multiple ransomware campaigns by a group known as DEV-0270 who also goes by the alias Nemesis Kitten. Who is DEV-0270? DEV-0270, a sub-group of the Iranian threat actor known as PHOSPHORUS, are known for leveraging newly disclosed vulnerabilities against their targets. If successful, the group contacts the victim [...]
Security breaches cause organizational chaos, financial and reputation risk. Given how organizations have shifted to a hybrid of in-office and work-from-home, there is a significant increase in the security threat landscape, and it’s more important than ever to improve and harden Exchange Server security. These best practices help provide a baseline security framework that all [...]
Exciting news, MEC (The Microsoft Exchange Conference) is back! The biggest Exchange gathering of the year will be taking place ‘virtually’ Sept 13-14, 2022. It’s been 8 years since the last MEC and we’re excited for candid Q&A and hearing more from Microsoft on the future of Exchange Server. Here’s a link to the registration - https://aka.ms/MECAirlift! Released: [...]
Microsoft has released security updates (SUs) for vulnerabilities found in: Exchange Server 2013Exchange Server 2016Exchange Server 2019 The SUs address vulnerabilities responsibly reported to Microsoft by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your [...]
When Messageware was approached by a Missouri police department to assist with administrative streamlining, Messageware had the ideal solution. Issues at Hand The department’s administrative staff had been complaining of no MailTo ability for attachments since moving to Office 365. Staff had to re-login to the Outlook web session before they could navigate to attach [...]
When an Australian family-owned apparel retailer found Office 365 hindering their 500+ employees they turned to Messageware. The issue at hand: A customer since 2016, their business uses over one hundred Office 365 K1 Kiosk accounts for their retail stores. As none of these kiosks have mail clients installed on their local computers, they were [...]
When a chain of collision repair centers in the northeast USA discovered that Outlook web was hindering their unmatchable turnaround times, they approached Messageware. The issue at hand: Staff capture repair estimates for submission to insurers using kiosks conveniently located beside damaged vehicles. However, submitting a vehicle collision report becomes frustrating and time-consuming because Outlook [...]
Microsoft has released security updates (SUs) for vulnerabilities found in Exchange Server 2013, Exchange Server 2016, Exchange Server 2019.
