Hackers breached the email servers of the European Banking Authority (EBA) as part of the global cyberattacks targeting Microsoft Exchange Server – and while the Paris-based financial security agency for the European Union says that no data has been stolen as part of the attack, it remains on high alert.
The EBA fell victim to a hacking campaign exploiting four zero-day vulnerabilities in Microsoft Exchange Server that has affected tens of thousands of organisations around the world.

More Coverage

The vulnerabilities allowed cyber attackers to gain access to the European Banking Authority’s email servers, initially leading to fears that personal data may have been accessed by hackers.
SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)
However, in an update on the investigation into the incident, the EBA said the email infrastructure has been secured and at this stage it’s believed “no data extraction has been performed” and there’s “no indication to think that the breach has gone beyond our email servers”.
The EBA’s email system was taken offline as a precautionary measure but it has now been fully restored following the deployment of additional security measures.
“Since it became aware of the vulnerabilities, the EBA has taken a proactive approach and carried out a thorough assessment to appropriately and effectively detect any network intrusion that could compromise the confidentiality, integrity and availability of its systems and data,” the EBA said in a statement.

“Besides re-securing its email system, the EBA remains in heightened security alert and will continue monitoring the situation,” it added.
Analysis of the Microsoft Exchange Server attack was carried out by the European Banking Authority in collaboration with the European Union’s Computer Emergency Response Team (CERT-EU), as well as additional security experts.
The EBA is just one of thousands of organisations around the world that are believed to have been targeted by attackers exploiting newly discovered zero-day flaws in Microsoft Exchange Server, the email inbox, calendar, and collaboration solution used by enterprises of all sizes around the world.
Microsoft has released a security update to patch the vulnerabilities and is urging customers to apply it as soon as possible to protect themselves from being attacked.
The cyberattacks targeting Microsoft Exchange Server have been attributed to a state-sponsored advanced persistent threat (APT) hacking group working out of China, dubbed Hafnium.
Other organisations targeted by the hacking group include think tanks, non-profits, defence contractors, higher education institutions and infectious disease researchers.
MORE ON CYBERSECURITY More

Carrying around unsecured data on flash drives is a bad idea.

One mistake on your part — or on the part of the weakest link in your organization — and that data can be in the hands of anyone.If that data is sensitive, then you’re going to have some serious headaches, along with the potential for legal troubles and fines.Must read: Apple broke the bad news to iPhone fansFar better to have that data properly secured and encrypted when it’s on a physical device, and as a tool that makes that as simple as possible is the Apricorn Aegis Padlock SSD.This SSD drive is small enough to fit into the palm of your hand or slip into a pocket and comes in capacities ranging from 240GB to a whopping 4TB. Having this range of options is great because it means that you can buy the capacity you need, and no more, which saves money.

The drive itself is rugged and reliable. The aluminum enclosure complete with the wear-resistant keypad is rated to IP66 dirt, and dust resistant is crushproof to 6,500 lbs, shock and vibration resistant, unaffected by high humidity, and works in extreme temperatures from -40°F to 158°F (-40°C to 70°C).It’s a rugged drive. While on first blush, it might seem like the membrane keyboard is a weak point, having been using these drives for years, I’ve found them to be very reliable.From a security point of view, the Aegis Padlock SSD conforms to FIPS 140-2 hardware data protection and features real-time hardware AES-XTS 256-bit encryption. No host software is required on any device to run access the data so that this drive can run on pretty much any system.In addition to PIN codes for access, you can add an admin PIN, PINs for read-only access, and even a self-destruct PIN. It also features built-in hardware brute-force protection for added security.Another great feature is that this drive is 100% bus-powered, so there are no power supplies to carry and no internal batteries to keep charged up. The drive also features a rugged built-in USB-A cable.This drive is also no performance slouch and is capable of reading and write speeds up to 230MB.

On top of all that, you get a three-year warranty.

Prices start at $177.

ZDNet Recommends More

Image: Deagreez/GETTY Mark Russinovich, the chief technology office (CTO) of Microsoft Azure, says developers should avoid using C or C++ programming languages in new projects and instead use Rust because of security and reliability concerns. Rust, which hit version 1.0 in 2020 and was born at Mozilla, is now being used within the Android Open […] More

SkillUp/Shutterstock While trolling through the dark web this week, I found my Twitter account’s data.  A dark web site this month released a data set of 200 million Twitter profiles. That’s where I found my account’s data. I know my data hadn’t been revealed in earlier releases because I’d checked then. In my business, I […] More

Zain bin Awais Follow ZDNET: Add us as a preferred source<!–> on Google. ZDNET’s key takeaways The iPhone Fold could come close to Samsung’s Galaxy Z Fold 7 in terms of thickness. Apple’s first foldable iPhone might bring Touch ID back to iPhones. It is rumored to sport a smaller display than the iPhone 16. […] More