A bug in Microsoft Exchange Autodiscover feature leaks +372K of domain credentials

A flaw in the Microsoft Exchange Autodiscover feature can be exploited to harvest Windows domain and app credentials. Security researchers from Guardicore discovered a flaw in the Microsoft Exchange Autodiscover feature that can be exploited to harvest Windows domain and app credentials from users worldwide. The Microsoft Autodiscover protocol feature of Exchange email servers provides an […]

Continue Reading

Biden administration officials push Congress to shape breach reporting mandates

U.S. cybersecurity officials are seeking to put their stamp on cyber incident reporting legislation, wading into debates on Capitol Hill about questions like how swiftly companies must report attacks to federal agencies — and what happens if they don’t. The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency testified at a […]

Continue Reading

Illinois Clarifies Limitations on Data Privacy Claims

Illinois Clarifies Limitations on Data Privacy Claims A court in Illinois has issued an opinion clarifying how the statute of limitations should be applied to the state’s Biometric Information Privacy Act (BIPA). In what The National Law Review described as “a highly anticipated ruling,” the Illinois Appellate Court published an opinion that while a one-year deadline would be applied […]

Continue Reading