- 25 tie turns 13.01.2021
- 10 rotary link 13.01.2021
- Exhibit link 13.01.2021
- Exhibit link 13.01.2021
- 25 rotary link 13.01.2021
See security details for more information
Mimecast said on Tuesday that a “sophisticated threat actor” compromised a digital certificate it provided to some customers to securely connect its products to Microsoft 365 (M365) Exchange.
The discovery was made after Microsoft’s notification of the breach, the London-based company said in an alert posted to its website, adding that it had contacted the affected organizations to resolve the issue.
The company did not specify the type of certificate compromised, but Mimecast offers seven different digital certificates depending on the geographic location that must be uploaded to M365 to create a server connection in Mimecast.
“About 10% of our customers use this connection,” the company said. “Of those who do, it appears that a small number of our clients’ M365 tenants have been targeted.”
Mimecast is a cloud-based email management service for Microsoft Exchange and Microsoft Office 365, provides users with an email security and continuity platform to protect them against spam, malware, phishing and attacks targeted.
The compromised certificate is used to verify and authenticate Mimecast Sync and Recover, Continuity Monitor, and Internal Email Protect (IEP) products to Exchange M365 web services.
A consequence of such a breach could result in a middleman attack (MitM), where an adversary could potentially take control of the connection and intercept email traffic, and even steal sensitive information.
As a precautionary measure to avoid future abuse, the company said it has instructed its customers to drop the existing connection within their M365 tenant with immediate effect and reestablish a new certificate-based connection using of the new certificate that it made available.
“This action has no impact on the flow of incoming or outgoing mail or the associated security analysis,” Mimecast said in its notice.
An investigation into the incident is underway, with the company noting that it will work closely with Microsoft and law enforcement as appropriate.
The development comes as Reuters, citing sources, said the hackers who compromised Mimecast were the same group that raped US software maker SolarWinds and a host of sensitive US government agencies.
“Our investigation is ongoing and we have nothing more to share at this time,” a company spokesperson told The Hacker News.
Europol said on Tuesday it had shut down DarkMarket, the world’s largest online marketplace for illicit goods, in an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the National UK Crime Agency (NCA) and US Federal Bureau of Investigation (FBI).
At the time of closing, DarkMarket is said to have had 500,000 users and over 2,400 vendors, with over 320,000 transactions resulting in the transfer of over 4,650 bitcoins and 12,800 monero – totaling 140 million euros ($ 170 million). .
The illegal internet market has specialized in the sale of drugs, counterfeit bills, stolen or forged credit card information, anonymous SIM cards, and standard malware.
Additionally, the months-long intelligence operation also resulted in the arrest of a 34-year-old Australian national near the German-Danish border over the weekend, who is believed to be the mastermind behind DarkMarket.
According to The Guardian, DarkMarket was discovered during a major investigation against web hosting service CyberBunker, which has served as a web host for The Pirate Bay and WikiLeaks in the past.
The dismantling of DarkMarket also saw law enforcement seize the criminal infrastructure, including more than 20 servers in Moldova and Ukraine, which was used to conduct operations.
“The stored data will give investigators new avenues to further investigate moderators, sellers and buyers,” Europol said.
DarkMarket may have been turned off, but underground markets such as Joker’s Stash continue to be a hotbed of malware trading, with the pandemic contributing to a spike in goods or services for carrying out social engineering scams .
Previously, Dream Market, another prominent dark web marketplace, went out of business in April 2019, and a Europol-led police operation also shut down Wall Street Market and Silkkitie (also known as Valhalla Marketplace. ) one month later in May 2019.
The Wall Street marketplace had 1.15 million users and 5,400 sellers of drugs, malware and other criminal products.
Then last August, Empire Market, a popular darknet marketplace for buying and selling drugs, mysteriously went offline, implying an exit scam that hit illegal darknet markets.
These changes have led cybercriminals to find alternative ways to build trust and sell their wares, including exploiting encrypted messaging services like Sonar and Elude, private channels on Discord to facilitate transactions, and a website called “DarkNet. Trust ”which aims to verify the reputation of suppliers. by searching in usernames.
“These markets change and evolve as legitimate spaces, adapting to the needs of buyers, supply issues and new technologies,” Trend Micro researchers said in a report released last year detailing the volatile nature of underground markets. “The products and prices available respond quickly to problems in the public sphere.”
The Collect 100 Spin Link post below first appeared on DC News :.