Trusted by more than 2500 companies with over 5 million users

IceApple exploit framework targeting Microsoft Exchange servers

Stealthy, “highly sophisticated” post-exploitation framework used for data exfiltration likely the work of a state-sponsored threat actor. In late 2021, security researchers on CrowdStrike’s Falcon OverWatch team first detected a modular exploit targeting Microsoft Exchange Servers. Dubbed IceApple, the .NET-based framework has been observed in “distinct locations” and primarily directed toward entities in government, academic [...]

Microsoft March 2022 Patch Tuesday: 2 Exchange Server vulnerabilities fixed

The March 2022 SUs for Exchange Server address vulnerabilities responsibly reported by security partners and found through Microsoft’s internal processes. Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately. These vulnerabilities affect on-premises Exchange Server, including servers used by customers in Exchange Hybrid mode. Exchange [...]

Brute Force password attack causes massive Active Directory lockout at hospital

Early in the morning, a sudden spike in calls to the helpdesk for password resets and releases swamped IT-support staff at a hospital network. User accounts were under attack and Active Directory lockouts were spreading fast. Together we installed Messageware Exchange Protocol Guard (EPG) to look in detail at Outlook Web and immediately two things [...]

Notes From the Field: Government agency stolen passwords bypass 2FA Security

The UK's National Cyber Security Centre (NCSC) is warning that criminals are looking to exploit the trend toward home office (Coronavirus) to conduct cyberattacks and hacking campaigns. These ‘phishing’ attempts have been seen in several countries and can lead to significant losses: financial, reputational, and sensitive data. And no one is immune —as you'll read [...]

Bots Automatically Target Credit Union’s Exchange Servers With Password Spray Attacks

Exchange Server Hacks: Notes From The Field Cybersecurity is a top concern for everyone in the banking and financial sectors, and credit unions are no exception. The speed at which bots discover and target internet-facing Exchange Servers underscores the need for a variety of security solutions to minimize attack surfaces. In our fifth and final [...]

Timeline of Microsoft Exchange Server Zero-Day attacks

June 8, 2021 - Microsoft June 2021 Patch Tuesday: 50 vulnerabilities patched, six zero-days exploited in the wild Six out of seven zero-days are being actively used in cyberattacks. ... Microsoft June 2021 Patch Tuesday: 50 vulnerabilities patched, six zero-days ... Last month, Microsoft resolved 55 security flaws, four of which were deemed critical in ... flaws. .… [Read More] May 24, 2021 - [...]

2021-06-25T08:49:29-04:00Exchange Security|

Telco Adds Exchange Server Protocol Guard to Prevent AD Lockouts Caused by 2FA Login Software

Exchange Server: Notes From the Field This case involves attacks at a division of a large Telco with a strong IT team operating more than sixty on-premises servers and mandated 2FA security solution for divisions managing their own Exchange Servers. And then … several incidents lead one Division’s security team to discover that password guessing [...]

Disgruntled ex-employee attacks Exchange Server with Outlook Mobile from their BYOD device

Exchange Server: Notes from the Field Support staff in a large manufacturing company were experiencing a sudden increase in the number of calls dealing with Active Directory user account lockouts and email password resets. The Exchange Server messaging group reached out to us for help. Together we installed Exchange Protocol Guard (EPG) to find out [...]