Connect with us
Microsoft will disable Basic Authentication in Exchange Online from October Microsoft will disable Basic Authentication in Exchange Online from October

Security

Microsoft will disable Basic Authentication in Exchange Online from October 2022

Published

on

Basic authentication makes it easier for attackers to steal user credentials.

Microsoft specialists from October 1, 2022 intend disable Basic authentication for all protocols across all Microsoft Exchange Online clients for user security. The announcement came after the company delayed removing basic authentication from Exchange Online until the second half of 2021 due to the COVID-19 pandemic.

“Starting October 1, 2022, we will begin to permanently disable Basic Authentication for all clients, regardless of usage (except for SMTP Auth, which can be re-enabled after that),” the Exchange Online team said.

Microsoft already started disabling Basic Authentication in June this year for customers who did not use it, and also explained how customers can re-enable unintentionally affected protocols. To disable Basic authentication in Exchange Online before Microsoft completely retires it, you must create and assign authentication policies to individual users by following the steps detailed on the Exchange Online support website.

Microsoft did not provide a reason for this statement. Presumably the reason is report Guardicore reports hundreds of thousands of plain text Windows domain credentials leaked due to misconfigured email clients using Basic Authentication.

Basic Authentication is an HTTP-based authentication scheme by which applications send credentials with every connection request to servers, endpoints, or online services, with username and password pairs often stored locally on the device.

While this greatly simplifies the authentication process, Basic Authentication also makes it easier for attackers to steal credentials when connections are not secured using the TLS cryptographic protocol.

Click to comment

Leave a Reply

Your email address will not be published.

Security

NASA intends to “in full force” to investigate UFOs – this will be done by specialists in aerospace security and artificial intelligence

Published

on

NASA intends to in full force to investigate UFOs

NASA is seriously planning to do research on UFOs. The agency announced this in June, and now there are new details. The research will be led by astrophysicist David Spergel, president of the Simons Foundation in New York. The group will also include 15-17 of the world’s leading scientists, including aerospace security experts and artificial intelligence specialists.

NASA intends to

The formation of the group is planned to be completed by October. The project itself is designed for 9 months, and the cost of research will be about $100,000.

According to Daniel Evans, spokesman for the Agency’s Science Mission Directorate (SMD), NASA intends to study the phenomenon “in full force”. At the same time, the agency tries to avoid the term UFO, instead using the concept of “unidentified aerial phenomena” (UAP).

Evans noted that NASA has a unique opportunity for such work. He also stated that other agencies do not enjoy such public confidence. The aim of the project is to classify the available UAP data and find ways to monitor it.

Earlier, NASA launched a service that shows how the human voice sounds on Mars.

Continue Reading

Security

Is Elon Musk’s Satellite Internet Under Threat? Enthusiast Hacked Starlink User Terminal

Published

on

Is Elon Musks Satellite Internet Under Threat Enthusiast Hacked Starlink

At the Black Hat Security Technology Conference recently held in Las Vegas, Lennert Wouters, a cybersecurity specialist from KU Leuven (Belgium), shared his experience of successfully hacking Starlink user equipment. True, this was not a classic software hack, since the researcher had to make a so-called “modchip”.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

The cost of manufacturing a chip connected to a Starlink subscriber terminal was $25. The chip caused a short-term short circuit, which disabled the built-in protection systems, after which the specialist gained access to the terminal. And already from it you can run any commands.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

Our attack could render Starlink user terminals unusable and allow us to execute arbitrary code.”Wouters said.

Is Elon Musk's Satellite Internet Under Threat?  Enthusiast Hacked Starlink User Terminal

This is what the Starlink terminal looks like

According to the researcher, the only reliable way to avoid such an attack is to create a new version of the main “dish” chip. Other ways to fix the problem. However, this hacking option provides direct access to subscriber equipment, and this is not the easiest option, but the Starlink system, apparently, is well protected from remote hacking. So its users hardly need to worry.

Continue Reading

Security

Hackers hacked Europe’s largest missile manufacturer

Published

on

Hackers hacked Europes largest missile manufacturer

Unknown hackers, acting under the nickname Adrastea, hacked into the database of the largest European missile manufacturer – MBDA, formed as a result of the merger of the French Aérospatiale-Matra Missiles, the British Matra BAe Dynamics and the Italian Finmeccanica-Leonardo. This was reported by Security Affairs.

Hackers hacked Europe's largest missile manufacturer

The attackers’ message about gaining access to the company’s network appeared on one of the forums. As evidence, a link to an archive with demo files was attached.

The total amount of stolen data was estimated by hackers at 60 GB. “The uploaded data contains confidential and confidential information about your company’s employees who took part in the development of closed military projects MBDA (PLANCTON, CRONOS, CA SIRIUS, EMADS, MCDS, B1NT, etc..) and about your company’s commercial activities in the interests of the EU Ministry of Defense (design documentation for air defense systems, missile systems and coastal defense systems, drawings, presentations, video and photo (3D) materials, contract agreements and correspondence with other companies Rampini Carlo, Netcomgroup, Rafael, Thales, ST Electronics, etc.”, the hackers wrote.

Adrastea is ready to discuss the cost of the stolen data array. MBDA has not yet commented on the incident.

MBDA manufactures a wide variety of missiles and related installations. For example, the company produces air-to-air missiles AIM-132 ASRAAM (short range, with IR guidance), MBDA Meteor (long range), MICA (medium range, with IR and radar guidance). The company’s product range also includes surface-to-air missiles – Mistral (MANPADS), MBDA Aster (medium and long range), Aspide Mk.1 (medium range), Sea Wolf (SAM), anti-ship (Exocet, Otomat, Marte, Sea Skua) and anti-tank (ERYX, Brimstone, HOT) missiles.

Continue Reading

Most Popular