Mimecast, an email security provider, has disclosed that a threat actor compromised certificates provided to Microsoft customers to authenticate Microsoft 365 IEP’s, Mimecast Sync and Recover, as well as its Continuity Monitor.
Mimecast, an email security provider, has disclosed that a threat actor compromised certificates provided to Microsoft customers to authenticate Microsoft 365 IEP’s, Mimecast Sync and Recover, as well as its Continuity Monitor.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>The attack against Mimecast and their secure connection to Microsoft\’s Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached Solarwinds and multiple government agencies. This shows the skill and tenacity State and State sponsored actors can bring to bear when they are pursuing their agenda. Against this sort of opponent, civilian organizations will need to up their game if they don\’t want to become the next headline. Basic cybersecurity is not enough. Organizations need to employ industry best practices, and then go farther with user education, programs to review and update their security, and deploying best in breed security solutions, including security analytics. The long term advantage is that defenses designed to resist a State level attack should be more than enough to thwart the more common cybercriminal.</p>