"Hackers Compromise Mimecast Certificate For Microsoft Authentication"

The email security vendor Mimecast has announced that hackers compromised a Mimecast-issued certificate used to authenticate several of the company's products to Microsoft 365 Exchange Web Services. The certificate, discovered to be compromised, is used to authenticate Mimecast's Sync and Recover, Continuity Monitor, and Internal Email Protect (IEP) products to Microsoft 365. Mimecast was made aware of the incident by Microsoft. According to Mimecast, about 10% of its customers use the compromised connection. Those using this certificate-based connection to Microsoft 365 are urged to immediately delete the existing connection within their Microsoft 365 tenant. Once they delete this connection, they should re-establish a new certificate-based connection using the new certificate that has been issued by Mimecast. The company declined to comment on whether this attack was carried out by the same sophisticated attackers behind the SolarWinds supply-chain attack. This article continues to discuss the compromise of a Mimecast certificate used for Microsoft authentication, the impact of this incident on the company's stock, and the SolarWinds hacking campaign. 

CRN reports "Hackers Compromise Mimecast Certificate For Microsoft Authentication"