<img alt="" src="https://secure.hiss3lark.com/173130.png" style="display:none;">

Datashield's Resource Library

Read all of our news, articles, reviews, and more in our company blog

All Posts

Mimecast Breach Bulletin: Vulnerability 01-26-21

Mimecast SolarWinds Vulnerability

On January 26th, 2020, Mimecast released an updated statement about the compromise first published on January 12th 2020.

Initially believed to be a targeted attack against a few select Mimecast customers, their follow-on investigation revealed a much wider attack surface. Mimecast was also able to conclude that this attack was the same threat actor behind the Solarwinds breach, which was the cause of their infection. The attackers were able to do following:

“The threat actor accessed, and potentially exfiltrated, certain encrypted service account credentials created by customers hosted in the United States and the United Kingdom. These credentials establish connections from Mimecast tenants to on-premise and cloud services, which include LDAP, Azure Active Directory, Exchange Web Services, POP3 journaling, and SMTP-authenticated delivery routes.”

Datashield and Mimecast are not aware of any of these credentials being decrypted and/or used. However, as a precaution, we are recommending clients reset these secrets to ensure they are not misused in the future.

Guides:

If you have any questions or concerns reach out to us or start a chat.

Topics from this Article

Mimecast, News, Email Security, CVE

Datashield
Datashield
Official Datashield account for blog content, news, announcements and more. The articles authored include a collaboration between internal staff, specifically the security operations and marketing team.

Related Posts

How to Celebrate National Day of Unplugging

Did you know that March 5, 2021 is the National Day of Unplugging?

Job Openings at Datashield and Partner Companies

To go alongside our upcoming webinar, How to Get a Job in IT, Datashield is sharing open job positions within our company and our partners RSA, SentinelOne, Google Chronicle, ExtraHop, Microsoft, Proofpoint, Digital Shadows, and Vmware Carbon Black.

What is Penetration Testing?

A penetration test or pen test is a simulated cyber-attack against computer systems, application systems, and IT infrastructure to discover loopholes. These simulated cyber-attacks come in diverse forms with the intent of breaching a system through its servers, web or mobile applications, and other endpoints. The purpose of pen testing is to discover exploitable vulnerabilities in a controlled setting before cybercriminals take advantage of them.