|
Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere. |
|
Thread Tools |
6 Mar 2021, 07:19 PM | #1 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,723
|
Massive Exchange Attack
If you are using Microsoft Exchange on a local server patch now! https://krebsonsecurity.com/2021/03/...re/#more-54608
|
7 Mar 2021, 02:52 PM | #2 |
Essential Contributor
Join Date: Aug 2009
Location: Canada
Posts: 296
|
First detected Jan 6, fixes from MS Mar 2. That's pretty slow.
Google news shows tech sites reporting on Mar 2/3, Krebs Mar 5 and MSM Mar 6. The wake up call we need if it's actually China's state hackers. We can't have our tech industry dependent on China. |
7 Mar 2021, 06:57 PM | #3 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,723
|
MS is trying to force everyone into the cloud with monthly subscriptions, whether they like it or not. I suspect they've reduced staff and support for most on-site software systems, so in some ways an attack like this is actually somewhat helpful to them. Personally, I do think the cloud is the way to go for most businesses, and something like this is one reason why. I used to work at a small nonprofit that had an Exchange server on premises and it was nothing but trouble. Bigger companies might be able to hire the fulltime staff to handle on premises server management, but they won't have teams of thousands all over the world working 24/7 like MS does.
|
7 Mar 2021, 07:20 PM | #4 |
Master of the @
Join Date: May 2003
Posts: 1,320
|
It's a must that email is encrypted at rest and 2fa is mandatory, I appreciate if it is a bug/hack they might be able to bypass 2fa (?) but encrypted at rest they should not be able to should they.
|
7 Mar 2021, 07:30 PM | #5 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,723
|
Here's a Microsoft blog post with more of the technical details: https://www.microsoft.com/security/b...hange-servers/
|
8 Mar 2021, 10:21 PM | #6 |
Master of the @
Join Date: Feb 2017
Location: USA
Posts: 1,723
|
Another article with more information: https://www.zdnet.com/article/everyt...e-server-hack/
|
9 Mar 2021, 12:44 AM | #7 | |
The "e" in e-mail
Join Date: Feb 2006
Location: EU
Posts: 4,944
|
Victims include The European Banking Authority
Quote:
|
|