Mimecast, which provides email management systems, updates that the hacker was able to hack into the company’s systems and access customer information.
According to the company, the hacker was able to gain access to a certificate used to identify Mimecast services located on Microsoft’s server.
The company also states that all customers who may have been harmed have been updated and it also asks all customers of the company to replace the existing certificate in their possession with a new certificate issued by the company.
The breach was identified by Microsoft, which updated Mimecast that an unidentified source accessed the company’s servers.
According to DZNet: Β Mimecast says hackers abused one of its certificates to access Microsoft accounts.
Mimecast, a provider of email management software, said learned of the security incident from Microsoft.
Read more about Examples and Numbers of Social Engineering attacks Β βΊ
Save Your Company from Social Engineering Attacks Like that
Register and Get your Personalized Free Exposure Report NOW
and See your where your Company is Exposed to Hackers
Recently Published on our Blog
Low-Cost Honeypots That Catch Attackers Before They Hurt You
π Honeypots Catch Attackers Cheap and Fast
π Honeypots are decoys that legitimate users never touch β when they trigger, you know an attacker is inside your sightline.
π Simple decoys like fake admin accounts, bogus API keys, or dummy repos produce high-fidelity alerts without the false-positive noise of costly SIEM setups.
β οΈ In one real case, planted OAuth tokens exposed a contractor trying to exfiltrate sensitive data in days β setup cost: a few hours.
π§ For budget-constrained teams, honeypots change the detection game β you chase signals that should never exist, not faint anomalies buried in normal logs.
π‘οΈ They are not a cure-all β pair them with social engineering simulations, least-privilege policies, and continuous monitoring to close the human gaps attackers exploit.
π AUMINT.io simulates realistic human-targeted attacks and shows you where employees or vendors will likely fall for lures that lead attackers to your crown jewels.
π Want a step-by-step deployable plan this week? Schedule your demo
#CyberSecurity #SOC #CISO #Infosec #SecurityOps #Honeypots #AUMINT
Storm-2657 Payroll Pirate Attacks Expose University HR Risks
π¨ Storm-2657 Payroll Pirates Target Universities
Microsoft warns of attacks hijacking employee accounts to steal salaries.
π‘ HR SaaS platforms like Workday are being exploited with phishing and MFA bypass.
π₯ Attackers use AiTM phishing links, enroll their own MFA devices, and hide email notifications to reroute payroll.
β‘ 11 accounts compromised across three universities sent phishing emails to nearly 6,000 targets.
β Adopt phishing-resistant MFA like FIDO2 keys.
β Review accounts for unknown MFA devices and malicious inbox rules.
β Educate staff to recognize phishing tactics.
AUMINT.io helps organizations detect hidden gaps through simulations and continuous monitoring β Book your session now
.
#CyberSecurity #MFA #Phishing #PayrollSecurity #HigherEducation #MicrosoftSecurity
Corporate Social Media Accounts β Hidden Risks You Canβt Ignore
π¨ Corporate Social Media β Your Hidden Security Threat
Marketing teams often control accounts, not IT.
π‘ Shared credentials and disabled MFA leave dormant accounts open to attacks.
β‘ Attackers can post offensive messages, redirect ad spend, or distribute malware.
π₯ MFA bottlenecks and social engineering create human factor vulnerabilities.
β IAM/IGA tools like Cerby centralize access, enforce MFA, and rotate passwords.
β Continuous monitoring prevents ghost accounts and unauthorized posts.
AUMINT.io simulates attacks and uncovers hidden risks before damage occurs β Book your session now
.
#CyberSecurity #SocialMediaSecurity #FraudPrevention #BrandProtection #CISO #ITSecurity