Cisco’s SpamCop service: worldwide outage after its domain expired

Yesterday most mail administrators, organizations, and MSPs worldwide suddenly found that their incoming mail was being rejected because the sending servers were reported as listed on the blacklist at bl.spamcop.net.

SpamCop, a wholly-owned subsidiary of Cisco Systems, provides a Real-time Blackhole List (RBL) that mail servers can query to decide whether incoming mail should be marked as spam. The service suffered a worldwide outage after its domain was mistakenly allowed to expire.

As a consequence, all cloud services and mail servers that use the SpamCop RBL (Libraesva, Cisco and Barracuda, to mention only a few) started rejecting incoming mail automatically.

According to a post on Reddit, visiting spamcop.net showed the domain as parked, and users who tried to contact Cisco did not get any answer. Libraesva has also contacted Cisco with further questions but has not received any reply as of yet.

On Sunday evening Cisco finally renewed the spamcop.net domain, but some customers and mail administrators still report that their incoming mail continues to be blocked by SpamCop. This is due to DNS resolvers serving the stale answers from their cache until the records' TTL expires. We suggest manually flushing the DNS cache before re-enabling the SpamCop RBL service.
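The check that would have caught this failure, as an added example that is not Libraesva's code: before trusting a DNSBL zone, query its RFC 5782 test entries (127.0.0.2 must be listed with an answer in 127.0.0.0/8, 127.0.0.1 must not be listed) and treat a zone that fails as unavailable rather than as "everything is listed". The zone name bl.example.test and the two fake resolvers are constructed for an offline demonstration; system_resolver is the hook for running it against a real zone.

```python
import ipaddress
import socket
from typing import Callable, List, Optional

# A resolver maps a hostname to its A records; [] means NXDOMAIN (not listed).
Resolver = Callable[[str], List[str]]

def reversed_ip(ip: str) -> str:
    """Reverse the dotted quad to build the DNSBL query key: 1.2.3.4 -> 4.3.2.1."""
    return ".".join(reversed(ipaddress.IPv4Address(ip).exploded.split(".")))

def dnsbl_query(zone: str, ip: str, resolve: Resolver) -> List[str]:
    """Look up <reversed ip>.<zone>; an empty answer means the IP is not listed."""
    return resolve(f"{reversed_ip(ip)}.{zone}")

def zone_is_sane(zone: str, resolve: Resolver) -> bool:
    """RFC 5782 test entries: 127.0.0.2 must be listed (answer in 127.0.0.0/8) and
    127.0.0.1 must not be. A parked domain whose wildcard answers every name with the
    parking-page address fails both tests, so its answers must not be trusted."""
    positive = dnsbl_query(zone, "127.0.0.2", resolve)
    negative = dnsbl_query(zone, "127.0.0.1", resolve)
    positive_ok = bool(positive) and all(a.startswith("127.") for a in positive)
    return positive_ok and not negative

def is_listed(zone: str, ip: str, resolve: Resolver) -> Optional[bool]:
    """True/False for a healthy zone; None when the zone fails its sanity check, so the
    caller skips this RBL (fails open) instead of rejecting all incoming mail."""
    if not zone_is_sane(zone, resolve):
        return None
    return bool(dnsbl_query(zone, ip, resolve))

def system_resolver(name: str) -> List[str]:
    """Resolve through the OS stub resolver (needs network; use with a real zone)."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)})
    except socket.gaierror:
        return []

# Constructed stand-ins for a healthy zone and an expired, parked zone (offline demo).
ZONE = "bl.example.test"  # placeholder zone name, not a real DNSBL

def healthy_zone(name: str) -> List[str]:
    table = {f"2.0.0.127.{ZONE}": ["127.0.0.2"], f"4.3.2.1.{ZONE}": ["127.0.0.2"]}
    return table.get(name, [])

def parked_zone(name: str) -> List[str]:
    # Wildcard record: every name under the zone resolves to the parking page.
    return ["192.0.2.10"] if name.endswith("." + ZONE) else []
```

Against the parked zone, is_listed returns None for every address, so a mail filter built on it would skip the RBL instead of bouncing all traffic.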

We apologize to all Libraesva customers for any inconvenience caused by our reliance on the SpamCop RBL.

Earlier in December another large cloud storage provider, Wasabi, had a worldwide outage caused by its domain being suspended by GoDaddy, which brought all of its customers to their knees because they could no longer resolve their object storage buckets.

It seems that simple tasks like keeping a service domain active and healthy are huge problems for these industry giants, even when it is a mission-critical task with worldwide impact.

Mimecast® for Microsoft 365™ hacked

A few days ago, Microsoft® reported that a Mimecast® for Microsoft 365™ certificate had been compromised and was being used against Mimecast's customers.

This certificate allows full administrative access to the Microsoft 365 Exchange Web Services of some of Mimecast's customers, estimated at around 10% of their global install base, who had configured the integration between Mimecast® and Microsoft 365.

Since this announcement was made, we have been asked by our channel partners and customers if the integration between Libraesva’s products and Microsoft 365 can be abused in the same way.

The short answer is no. The long answer is no, because…

1) We do not use a single certificate to authenticate against our customers' Microsoft 365 tenants.

Libraesva products (Email Security Gateway and Email Archiver) authenticate to Microsoft 365 using credentials that are unique for each tenant.

A single certificate that acts as a passe-partout key for full access to many customers' tenants is a bad design choice from a security standpoint. This is, of course, our opinion.

2) We instruct our customers to grant Libraesva only the minimum set of permissions we require.

Libraesva asks for the minimum set of permissions required to deliver our services. We do not advise our customers to grant complete access to their own tenants. We ask them to grant only the permissions that are needed, based on how they use our products.

3) We have a decentralized architecture.

Libraesva’s products are designed for full isolation between customers. Each customer ‘lives’ in a separate virtual appliance, with a unique IP address. We do not store access credentials in any central repository.

As Libraesva is a security company, we know that security is difficult and that anybody can fail. Our architectural and software design choices are based on strict security principles, among which is avoiding any single point of failure.