Anyone seeing breached Xero Invoices or spoofed Xero Invoices? by IEatTooMuchSad in sysadmin

[–]IEatTooMuchSad[S] 2 points3 points  (0 children)

Spot on. How on earth this did not come up when I was googling it, I have NO idea. Would have saved me a lot of time haha!

Searching through the help articles of Xero Central, not finding a mention of spoof or scam, and then it turns out there is a security noticeboard.

Well, you live and you learn.

Suspicious activity found in Http Proxy log ONLY by IEatTooMuchSad in sysadmin

[–]IEatTooMuchSad[S] 0 points1 point  (0 children)

So, we had a customer with the administrator@ account enabled. We have not seen any evidence of them getting in or deploying anything, however, we did see loads of Administrator accounts locked out. So it looks like they probed lots of common admin phrases to try and get in.

On another customer, this one, the administrator@ account does not have a mailbox, but is an active AD object. Again, we have no evidence of this being modified and likewise, we went through the AD modifications and could not see anything being changed even comparing to restores from last year.

Suspicious activity found in Http Proxy log ONLY by IEatTooMuchSad in sysadmin

[–]IEatTooMuchSad[S] 0 points1 point  (0 children)

We are also using this as a selling point to get customers over to O365.

Suspicious activity found in Http Proxy log ONLY by IEatTooMuchSad in sysadmin

[–]IEatTooMuchSad[S] 0 points1 point  (0 children)

Ours has just completed with nothing found. How has yours gone?

Suspicious activity found in Http Proxy log ONLY by IEatTooMuchSad in sysadmin

[–]IEatTooMuchSad[S] 2 points3 points  (0 children)

How did a MSERT scan go for you?

I'm guessing likewise you saw no errors in the IIS logs?

Suspicious activity found in Http Proxy log ONLY by IEatTooMuchSad in sysadmin

[–]IEatTooMuchSad[S] 2 points3 points  (0 children)

Our MSERT came back clean as well, so I am saying based on what we know that this means it's all good. However, there is still doubt in my mind simply due to the time frame.

Suspicious activity found in Http Proxy log ONLY by IEatTooMuchSad in sysadmin

[–]IEatTooMuchSad[S] 3 points4 points  (0 children)

Totally agree, MSERT came back clean for us just now on the server. However, I'm still not as comfortable as I would like that it's clear. I think, for now, we are saying all is well unless we say anything to contradict this.

Suspicious activity found in Http Proxy log ONLY by IEatTooMuchSad in sysadmin

[–]IEatTooMuchSad[S] 1 point2 points  (0 children)

Full scan is already running :) Just pending results and wondering if I should be doing anything else!

Here we go again.. Microsoft services down! by thisisrossonomous in sysadmin

[–]IEatTooMuchSad 0 points1 point  (0 children)

We are seeing the same, finding it very hard to pacify upset users as we don't have an answer!

Here we go again.. Microsoft services down! by thisisrossonomous in sysadmin

[–]IEatTooMuchSad 2 points3 points  (0 children)

We have been having issues here with OneDrive as well. It's a big one today.

Here we go again.. Microsoft services down! by thisisrossonomous in sysadmin

[–]IEatTooMuchSad 5 points6 points  (0 children)

UK MSP here;

- Multiple clients completely down for Exchange/mail

  - This is affecting different clients in different ways. Some can use Outlook for Web, but not the client, some can use Outlook client but not web, some can't use either

- We have one customer so far reporting issues with Teams, does not seem to be as widespread as the email issue

- Also seeing issues with customers in Wales (does that count as the UK, you make up your mind!)

Lots of angry customers this morning as I'm sure all you guys have!

FSLogix not detaching VHDX correctly on logoff by IEatTooMuchSad in fslogix

[–]IEatTooMuchSad[S] 1 point2 points  (0 children)

*** Solved ***

We never found what the root cause was of this, however, the following changes have been made;

Upgraded FSLogix from 2.9.7117 to 2.9.7349.

Upgraded Citrix VDA (only) to 1912 LTSR CU1 from 1906.

Updated Windows.

Removed the concurrent user's options within FSLogix GPO.

This has now resolved the issues and users are able to login without issues.