New Microsoft Exchange credential stealing malware could be worse than phishing

Security on TechRepublic

While looking for additional Exchange vulnerabilities in the wake of this year’s zero-days, Kaspersky found an IIS add-on that harvests credentials from OWA whenever, and wherever, someone logs in.

Liked it? Take a second to support IT Security News on Patreon!