Microsoft Pulls Exchange Patches Amid Mail Flow Issues

November 15, 2024 at 06:00PM Microsoft has retracted its November 2024 Exchange security updates due to email delivery issues reported by admins. The update disrupted mail flow rules and data loss protection for Exchange users. Microsoft advises affected customers to uninstall the updates while investigating a permanent fix, with the rollout paused until resolved. …

Exchange Online adds Inbound DANE with DNSSEC for everyone

October 28, 2024 at 03:26PM Microsoft has launched inbound SMTP DANE with DNSSEC for Exchange Online, enhancing email security. Following delays due to security concerns, this feature is now available to all customers, with complete rollouts expected by early 2025. It protects against man-in-the-middle attacks by verifying email communication authenticity. …

Iran’s APT34 Abuses MS Exchange to Spy on Gulf Gov’ts

October 17, 2024 at 02:08AM APT34, an Iranian threat group, has intensified its espionage targeting Gulf-state entities, especially in the UAE. Utilizing sophisticated techniques, including malware like StealHook and exploiting Windows vulnerabilities, APT34 effectively exfiltrates sensitive data. Their methods risk broader attacks via compromised networks, exploiting inter-agency trust within government organizations. …

Iranian hackers now exploit Windows flaw to elevate privileges

October 13, 2024 at 11:39AM Iranian hacking group APT34, also known as OilRig, has intensified attacks on UAE government and critical infrastructure, utilizing a new backdoor to exploit Microsoft Exchange servers and a Windows vulnerability (CVE-2024-30088). Trend Micro indicates links to another Iran-based group, FOX Kitten, raising concerns over potential ransomware threats. …

OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf

October 13, 2024 at 06:54AM OilRig, an Iranian cyber threat actor, has exploited a patched Windows Kernel vulnerability (CVE-2024-30088) in a cyber espionage campaign targeting the U.A.E. and Gulf region. Using sophisticated tactics, including a backdoor named STEALHOOK, they siphon credentials via Microsoft Exchange servers, aiming to maintain persistent access to compromised networks. …

Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions

October 11, 2024 at 02:07PM Trend Micro has been tracking Earth Simnavaz (APT34/OilRig), a cyber espionage group targeting UAE government entities. Their sophisticated methods include utilizing backdoors, exploiting vulnerabilities, and employing RMM tools like ngrok for data exfiltration. Recent activities indicate a focus on critical infrastructure vulnerabilities to advance espionage goals in the region. …

Earth Simnavaz Levies Advanced Cyberattacks Against UAE and Gulf Regions

October 11, 2024 at 03:51AM Trend Micro reports on Earth Simnavaz (APT34), a cyber espionage group targeting UAE government entities, using sophisticated tactics like backdoor malware exploiting CVE-2024-30088. The group steals credentials via Microsoft Exchange servers, employing tools to evade detection. Their activities emphasize threats to critical infrastructure amidst geopolitical tensions in the Gulf region. …

UK govt links 2021 Electoral Commission breach to Exchange server

July 30, 2024 at 08:06AM The U.K.’s Information Commissioner’s Office (ICO) announced that the Electoral Commission was breached in August 2021 due to unpatched Microsoft Exchange vulnerabilities. Around 40 million people’s personal information was compromised, leading to the ICO reprimanding the commission for inadequate security measures. The breach has been linked to state-backed hacking groups …

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

May 22, 2024 at 03:50AM Unknown threat actors are exploiting security flaws in Microsoft Exchange Server to deploy a keylogger malware targeting African and Middle Eastern entities. Russian cybersecurity firm Positive Technologies identified over 30 victims, including government agencies, banks, and IT companies, with the first compromise dating back to 2021. The attack chains commence …

Germany warns of 17K vulnerable Microsoft Exchange servers exposed online

March 26, 2024 at 03:26PM The German national cybersecurity authority warned that 17,000 Microsoft Exchange servers in Germany are exposed and vulnerable to critical security flaws. Approximately 45,000 servers have Outlook Web Access enabled, with 12% using outdated versions. The BSI advised updating to secure versions, installing security updates, and restricting access to web-based services. …