Friday, January 22, 2021
Primarius Group
No Result
View All Result
PG-Intel
Advertisement
  • Home
  • Physical Security
  • Cyber security
  • Defense
  • Corporate Security
  • Emergency Management
  • Open Source Intelligence
  • More
    • Geo-politics
    • Threat intelligence
    • Protective Intelligence
    • Risk Management
  • Home
  • Physical Security
  • Cyber security
  • Defense
  • Corporate Security
  • Emergency Management
  • Open Source Intelligence
  • More
    • Geo-politics
    • Threat intelligence
    • Protective Intelligence
    • Risk Management
PG-Intel
No Result
View All Result

Mimecast Says Hackers Compromised Digital Certificate

1 week ago
in Risk Management
0
Mimecast Says Hackers Compromised Digital Certificate
Share on FacebookShare on TwitterShare on LinkedIn


Breach Notification
,
Encryption & Key Management
,
Incident & Breach Response

Electronic mail Safety Firm Says Fewer Than 10 Clients Focused

Jeremy Kirk (jeremy_kirk) •
January 13, 2021    

Mimecast Says Hackers Compromised Digital Certificate

Email security provider Mimecast says hackers compromised a digital certificate that encrypts data that moves between several of its products and Microsoft’s servers, putting organizations at risk of data loss.

See Also: Continuous Attack Simulations: How to Identify Risk, Close Gaps, and Validate Your Security Controls


The certificates, which is issued by Mimecast, encrypts knowledge exchanged between the corporate’s Sync and Get better, Continuity Monitor and Inside Electronic mail Shield merchandise and Microsoft 365 Alternate Net Providers.


Mimecast, which is predicated in London, says that 10% of its prospects, or about 3,900, use this kind of connection between its merchandise and Microsoft. In its final earnings name in November 2020, Mimecast reported it has 39,200 prospects around the globe.


The corporate believes that fewer than 10 of these 3,900 prospects had been focused on account of the certificates compromise. It didn’t determine these prospects, though it says they’ve been contacted.


“As a precaution, we’re asking the subset of Mimecast prospects utilizing this certificate-based connection to right away delete the prevailing connection inside their M365 tenant and re-establish a brand new certificate-based connection utilizing the brand new certificates we have made obtainable,” Mimecast says in a press release. “Taking this motion doesn’t affect inbound or outbound mail stream or related safety scanning.”


Few Particulars Launched


Microsoft alerted Mimecast to the issue. Mimecast says it is working with Microsoft in addition to legislation enforcement officers and has employed a third-party forensics professional.


Mimecast did not describe the way it was compromised or if there have been different results. A spokesman provided no additional remark.


“Primarily based on Mimecast’s statements, the assaults had been focused at particular prospects, however with out extra, we are able to solely guess at what the attackers had been after.”
— Saryu Nayyar, CEO, Gurucul


How hackers might leverage the compromised certificates is troublesome to find out based mostly on the restricted info launched by Mimecast, says Saryu Nayyar, CEO of the analytics safety specialist Gurucul. However within the worst-case state of affairs, the hackers might be able to intervene with electronic mail, safe file backups, archives and extra, Nayyar says.


Mimecast acts as a mail switch agent for Microsoft’s Workplace365 electronic mail system. Mimecast’s merchandise sit in between Workplace365 and their shopper, performing safety actions akin to filtering spam and malware, earlier than the content material is handed on, Nayyar says.


“We merely do not know based mostly on what’s been reported how intensive the entry was,” she says. “Primarily based on Mimecast’s statements, the assaults had been focused at particular prospects, however with out extra, we are able to solely guess at what the attackers had been after.”


Reuters experiences that three cybersecurity investigators imagine the Mimecast certificates compromise could also be linked to the complicated SolarWinds supply-chain hack, whose results proceed to rattle enterprises and authorities businesses (see: SolarWinds Describes Attackers’ ‘Malicious Code Injection’).



ShareTweetShare

Related Posts

Is Your Business Ready for Round Two? Prepare Now for the Next Wave · Riskonnect
Risk Management

Rushing Technology Decisions Comes with Big Compliance Risks · Riskonnect

January 22, 2021
Here’s What You need to Know about CPRA · Riskonnect
Risk Management

Here’s What You need to Know about CPRA · Riskonnect

January 22, 2021
The 3 Most Common Types of BEC Attacks (And What …
Risk Management

Breach Data Shows Attackers Switched Gears in 2020

January 21, 2021
Microsoft Describes How SolarWinds Hackers Avoided Detection
Risk Management

Microsoft Describes How SolarWinds Hackers Avoided Detection

January 21, 2021
Chinese Hacking Group Targets Airlines, Semiconductor Firms
Risk Management

Chinese Hacking Group Targets Airlines, Semiconductor Firms

January 21, 2021
Five Actions Every Portfolio Marketer Should Take To Drive Business Value In 2021
Risk Management

Five Actions Every Portfolio Marketer Should Take To Drive Business Value In 2021

January 21, 2021
Next Post
Best email services of 2020: paid, free and business providers

Best email services of 2021: paid, free and business providers

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Latest Updates

ICO Urged to Investigate Secretive Tory Party Consultancy

ICO Urged to Investigate Secretive Tory Party Consultancy

4 mins ago
Army Chief Meets South Korean Brass To Bolster Military Ties

Army Chief Meets South Korean Brass To Bolster Military Ties

13 mins ago
Dahua Technology to launch 2021 core product portfolio

Dahua Technology to launch 2021 core product portfolio

20 mins ago
Conditional Access System (CAS) Market – Global Industry Trends, Share, Size, Growth, Opportunity and Forecast 2020-2025 – ResearchAndMarkets.com

Singapore Access Control System Market 2020-2026F: Market Forecast by Types, Applications, Regions, and Competitive Landscape – ResearchAndMarkets.com

21 mins ago
‘Indian Navy needs fleet of SSNs, nuclear-powered general-purpose attack submarines’ – Indian Defence Research Wing

‘Indian Navy needs fleet of SSNs, nuclear-powered general-purpose attack submarines’ – Indian Defence Research Wing

44 mins ago
Human Error to Blame as Exposed Records Top 37 Billion in 2020

Human Error to Blame as Exposed Records Top 37 Billion in 2020

49 mins ago
Bosses are using monitoring software to keep tabs on working at home. Privacy rules aren’t keeping up

Bosses are using monitoring software to keep tabs on working at home. Privacy rules aren’t keeping up

1 hour ago
Biden keeps Trump appointee as acting nuclear weapons chief

Biden keeps Trump appointee as acting nuclear weapons chief

1 hour ago
Load More
PG-Intel

© 2020 All Rights Reserved .

Brought to you by Primarius Group

  • Disclaimer
  • Privacy Policy
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact us

Follow Us

No Result
View All Result
  • Home
  • Physical Security
  • Cyber security
  • Defense
  • Corporate Security
  • Emergency Management
  • Open Source Intelligence
  • More
    • Geo-politics
    • Threat intelligence
    • Protective Intelligence
    • Risk Management

© 2020 All Rights Reserved .