Tag

Microsoft Exchange

All articles tagged with #microsoft exchange

technology4 months ago•2 min saved

CISA, NSA, and Partners Release New Microsoft Exchange Security Guidance

CISA and NSA have issued guidance for securing Microsoft Exchange servers, emphasizing best practices like strong authentication, minimizing attack surfaces, and decommissioning outdated servers, especially after recent vulnerabilities and attacks exploiting Exchange flaws. They recommend migrating to Microsoft 365, enabling multi-factor authentication, applying security patches, and monitoring for suspicious activity to prevent breaches.

via BleepingComputer|

#cisa #cybersecurity #microsoft-exchange

technology6 months ago•3 min saved

CISA Urges Federal Agencies to Patch Critical Microsoft Exchange Vulnerability

CISA has ordered all US federal agencies to urgently patch a critical Microsoft Exchange vulnerability (CVE-2025-53786) by Monday morning, which could allow attackers with admin access to compromise entire domains through hybrid Exchange configurations. Agencies must update their systems and switch to a dedicated hybrid app to prevent potential lateral movement into cloud environments, with non-government organizations also urged to follow suit.

via BleepingComputer|

#cve-2025-53786 #federal-agencies #hybrid-vulnerability

cybersecurity6 months ago•4 min saved

Microsoft Exchange Vulnerability Prompts Urgent Security Measures

CISA has issued an emergency directive requiring federal agencies to mitigate a critical post-authentication vulnerability (CVE-2025-53786) in Microsoft Exchange hybrid environments by August 11, 2025, including assessing their systems, updating to the latest CUs, applying hotfixes, disconnecting end-of-life servers, and preparing for API transitions, with ongoing reporting and assistance from CISA.

via CISA (.gov)|

#cisa #cybersecurity #emergency-directive

security6 months ago•1 min saved

Microsoft Issues Urgent Warning on Critical Exchange Server Vulnerability

CISA warns of a high-severity vulnerability in hybrid Exchange deployments (CVE-2025-53786) that could allow privilege escalation and compromise of the organization's Exchange Online service. Organizations are advised to follow Microsoft's guidance, install hotfix updates, and disconnect end-of-life servers from the internet to mitigate risks.

via CISA (.gov)|

#cisa #cve-2025-53786 #hybrid-deployment

world7 months ago•6 min saved

FBI Arrests Chinese National for Cyberattacks on US COVID-19 Research

The Justice Department announced the arrest of Xu Zewei, a Chinese hacker linked to state-sponsored cyber intrusions, including the HAFNIUM campaign targeting U.S. entities and COVID-19 research, with Xu facing multiple charges and extradition proceedings in Italy, highlighting ongoing efforts to combat Chinese cyber espionage.

via Department of Justice (.gov)|

#china #cybersecurity #fbi

technology2 years ago•1 min saved

"Microsoft's February 2024 Patch Tuesday Addresses Critical Exchange Server Flaws and Zero-Day Exploits"

Over 28,500 Microsoft Exchange servers are vulnerable to a critical privilege escalation flaw (CVE-2024-21410) actively exploited by hackers, with up to 97,000 servers potentially at risk. The flaw allows remote unauthenticated actors to perform NTLM relay attacks, potentially leading to unauthorized access and data breaches. System administrators are urged to apply the necessary updates and mitigations to protect their servers, as the exploitation of this vulnerability can have serious consequences for organizations.

via BleepingComputer|

#cybersecurity #hacking #microsoft-exchange

cybersecurity2 years ago•2 min saved

"Massive Security Breach: Thousands of Microsoft Exchange Servers at Risk of Attack"

Over 20,000 Microsoft Exchange email servers worldwide, including in Europe, the U.S., and Asia, are exposed on the public internet and vulnerable to remote code execution flaws. These servers are running unsupported software versions that no longer receive updates, making them susceptible to multiple security issues, some of which are critical. Despite available mitigations, the number of outdated Exchange servers has only decreased by 18% since April, leaving many still vulnerable. Companies are urged to prioritize the installation of updates or upgrade to supported versions to mitigate the risks.

via BleepingComputer|

#cybersecurity #end-of-life #microsoft-exchange

cybersecurity2 years ago•2 min saved

Multiple Zero-Day Flaws and Vulnerabilities Uncovered in Microsoft Exchange and SketchUp Support

The Zero Day Initiative (ZDI) has disclosed four zero-day vulnerabilities in Microsoft Exchange that can be exploited remotely by authenticated attackers to execute arbitrary code or disclose sensitive information. Despite being notified by ZDI, Microsoft has not yet fixed the vulnerabilities. The flaws include deserialization issues and server-side request forgery vulnerabilities.

via Security Affairs|

#cybersecurity #information-disclosure #microsoft-exchange

cybersecurity2 years ago•1 min saved

Microsoft Exchange Zero-Days and SketchUp Vulnerabilities Expose Data Theft and RCE Risks

Four zero-day vulnerabilities in Microsoft Exchange have been disclosed by Trend Micro's Zero Day Initiative (ZDI), allowing attackers to remotely execute arbitrary code or access sensitive information. Despite Microsoft acknowledging the flaws, they deemed them not severe enough for immediate servicing, leading ZDI to publish the vulnerabilities to warn Exchange admins. The vulnerabilities require authentication for exploitation, reducing their severity rating, but cybercriminals have various methods to obtain Exchange credentials. ZDI recommends restricting interaction with Exchange apps and implementing multi-factor authentication as mitigation strategies.

via BleepingComputer|

#authentication #cybersecurity #data-theft