#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Mimecast | Breaking Cybersecurity News | The Hacker News

Category — Mimecast
SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices

SonicWall Releases Patches for New Flaws Affecting SSLVPN SMA1000 Devices

May 14, 2022
SonicWall has published an  advisory  warning of a trio of security flaws in its Secure Mobile Access (SMA) 1000 appliances, including a high-severity authentication bypass vulnerability. The weaknesses in question impact SMA 6200, 6210, 7200, 7210, 8000v running firmware versions 12.4.0 and 12.4.1. The list of vulnerabilities is below - CVE-2022-22282  (CVSS score: 8.2) - Unauthenticated Access Control Bypass CVE-2022-1702  (CVSS score: 6.1) - URL redirection to an untrusted site (open redirection) CVE-2022-1701  (CVSS score: 5.7) - Use of a shared and hard-coded cryptographic key Successful exploitation of the aforementioned bugs could allow an attacker to unauthorized access to internal resources and even redirect potential victims to malicious websites. Tom Wyatt of the Mimecast Offensive Security Team has been credited with discovering and reporting the vulnerabilities. SonicWall noted that the flaws do not affect SMA 1000 series running versions earlier than 12.4.0, SM
Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Mimecast Finds SolarWinds Hackers Stole Some of Its Source Code

Mar 17, 2021
Email security firm Mimecast on Tuesday revealed that the state-sponsored SolarWinds hackers who broke into its internal network also downloaded source code out of a limited number of repositories. "The threat actor did access a subset of email addresses and other contact information and hashed and salted credentials," the company  said  in a write-up detailing its investigation, adding the adversary "accessed and downloaded a limited number of our source code repositories, as the threat actor is reported to have done with other victims of the SolarWinds Orion supply chain attack." But Mimecast said the source code downloaded by the attackers was incomplete and would be insufficient to build and run any aspect of the Mimecast service and that it did not find signs of any tampering made by the threat actor to the build process associated with the executables that are distributed to its customers.  On January 12, Mimecast  disclosed  that "a sophisticated th
NIST Cybersecurity Framework (CSF) and CTEM – Better Together

NIST Cybersecurity Framework (CSF) and CTEM – Better Together

Sep 05, 2024Threat Detection / Vulnerability Management
It's been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally tailored for Critical infrastructure, 2018's version 1.1 was designed for any organization looking to address cybersecurity risk management.  CSF is a valuable tool for organizations looking to evaluate and enhance their security posture. The framework helps security stakeholders understand and assess their current security measures, organize and prioritize actions to manage risks, and improve communication within and outside organizations using a common language. It's a comprehensive collection of guidelines, best practices, and recommendations, divided into five core functions: Identify, Protec
Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365

Hackers Steal Mimecast Certificate Used to Securely Connect with Microsoft 365

Jan 13, 2021
Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange. The discovery was made after the breach was notified by Microsoft, the London-based company  said in an alert  posted on its website, adding it's reached out to the impacted organizations to remediate the issue. The company didn't elaborate on what type of certificate was compromised, but Mimecast offers  seven different digital certificates  based on the geographical location that must be uploaded to M365 to create a server Connection in Mimecast. "Approximately 10 percent of our customers use this connection," the company said. "Of those that do, there are indications that a low single digit number of our customers' M365 tenants were targeted." Mimecast is a cloud-based email management service for Microsoft Exchange and Microsoft Office 365
cyber security

Secure Your Network: 40% Face Full Takeover Risk

websitePicus SecurityEndpoint Security / Attack Surface
Understand and address the critical risks in your network to prevent takeovers.
Expert Insights / Articles Videos
Cybersecurity Resources