Hello, welcome to the Monday, May 18th, 2020 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and the time recording from Jacksonville, Florida.

Guy this weekend looked at hits to his honeypot and found a good number of attempts to find

Outlook Web Access admin pages.

Aside from trying to exploit any vulnerability,

the most likely thing that the attacker is going to do here is credential stuffing,

where they will try usernames and passwords that they found before against this admin page.

If successful, they're sort of too common routes and attacker would go.

First of all, sending spam using your mail server.

That's, of course, always attractive.

But more severely, they may try to launch a business email compromise where they're injecting

themselves into conversations to either simply steal money or to further compromise the organization

by sending email from trusted accounts.

What was also interesting in this particular case was that many of the hits came from an

organization that identifies itself as strechoid.com.

You can add yourself to their block list where they will not scan you, but really not much

known about who is actually behind this or who is running

these scans. They sort of try to claim that they are researchers and not really going to do

any harm, but really hard to tell without knowing who's actually behind them. And sticking with

email for the next story, Edison is a somewhat popular email client in

the Apple world, so for MacOS and iOS. And late last week, Edison released a new update

that allowed synchronization of email content across different devices.

...