#1 Trusted Cybersecurity News Platform
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Exchange Server

Hackers Using Malicious OAuth Apps to Take Over Email Servers

Hackers Using Malicious OAuth Apps to Take Over Email Servers

September 23, 2022Ravie Lakshmanan
Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. "The threat actor launched credential stuffing attacks against high-risk accounts that didn't have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain initial access," the Microsoft 365 Defender Research Team said. The unauthorized access to the cloud tenant permitted the adversary to register a malicious OAuth application and grant it elevated permissions, and eventually modify Exchange Server settings to allow inbound emails from specific IP addresses to be routed through the compromised email server. "These modifications to the Exchange server settings allowed the threat actor to perform their primary goal in the attack: sending out spam emails," Microsoft  said . "The spam emails were sent as part of a
CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

CISA Issues Emergency Directive on In-the-Wild Microsoft Exchange Flaws

March 04, 2021Ravie Lakshmanan
Following Microsoft's release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has  issued  an emergency directive warning of " active exploitation " of the vulnerabilities. The alert comes on the heels of Microsoft's  disclosure  that China-based hackers were exploiting unknown software bugs in Exchange server to steal sensitive data from select targets, marking the second time in four months that the U.S. has scrambled to address a widespread hacking campaign believed to be the work of foreign threat actors. While the company mainly attributed the campaign to a threat group called HAFNIUM, Slovakian cybersecurity firm ESET  said  it found evidence of CVE-2021-26855 being actively exploited in the wild by several cyber espionage groups, including LuckyMouse, Tick, and Calypso targeting servers located in the U.S., Europe, Asia, and the
Deals — IT Courses and Software

Sign up for our cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.