Microsoft Exchange
Need an Edge to Your Business? Take a Fresh Look At Your Security Strategy
Sourced from International IDEA As we all start to get a better view of what the future might hold, organisations need to look again at their security strategy. But first, we need to take stock. After the initial shock of lockdowns and mass remote working, what have we learned from the past two years as we all attempted to adjust to the new reality? You’re working in a landscape of increasing threats and vulnerabilities The widespread shift to the cloud to support those working remotely has inadvertently created a much larger attack surface. The sheer number of new locations, devices, and networks organisations are managing today alone calls for a security rethink – a need that’s magnified by a year-on-year increase in threats. And the pandemic has magnified the problem, sending a huge wav...
Watch out for this credential-stealing Microsoft Exchange add-on
Image sourced from Discover Germany Kaspersky has uncovered a previously unknown IIS module (a piece of software aimed at providing additional features to Microsoft web servers) they have since dubbed Owowa that steals credentials entered by a user when logging into Outlook Web Access (OWA); it also allows the attackers to gain remote control access to the underlying server. Compiled sometime between late 2020 and April 2021, this module is a stealthy theft method that is difficult to detect with network monitoring. It’s also resistant to software updates from Exchange, meaning it can stay hidden on a device for a long time. In 2021, advanced threat actors were increasingly exploiting vulnerabilities of Microsoft Exchange Server. In March, four critical vulnerabilities in the servers allow...
