The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance for users of Microsoft Exchange Online to switch from Basic Authentication, or “Basic Auth,” to Modern Authentication, or “Modern Auth” – which supports multi-factor authentication (MFA) – by the beginning of October. […]
After studying the SolarWinds and Microsoft Exchange attacks for the past year, the Government Accountability Organization (GAO) detailed the lessons agencies learned and ten critical actions still needed to address major cybersecurity challenges in a new report. […]
The Biden administration took formal steps today to pin the Microsoft Exchange software supply chain hack disclosed earlier this year on people connected with the Chinese government’s Ministry of State Security (MSS). […]
The Federal government is curtailing its “surge” response to the SolarWinds Orion and Microsoft Exchange hacks after seeing improvements in patching that have helped to remediate the impacts of the cyber attacks, the Biden administration said today. […]
Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technologies, released a statement today requiring all Federal agencies to apply Microsoft’s new set of Exchange patches “immediately.” […]
The Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has released supplemental directions to help agencies root out and mitigate vulnerabilities in their Microsoft Exchange on-premises products. […]
The ongoing “Sunburst” cyber-espionage campaign that resulted in the SolarWinds Orion and Microsoft Exchange breaches represents a strategic failure by the U.S., rather than simple IT inadequacy, according to a report by the Atlantic Council. […]
The White House said today the Federal government’s Unified Coordination Group (UCG) of intelligence and law enforcement agencies responding to the Microsoft Exchange hack now includes private sector firms. […]
The Cybersecurity and Infrastructure Security Agency (CISA) on March 3 issued an emergency directive to Federal civilian agencies to patch a critical vulnerability in Microsoft Exchange on-premises products. The agency said that cloud services such as Microsoft 365 and Azure systems “are not known to be affected by this vulnerability.” […]