A Mimecast-issued certificate provided to certain customers to authenticate Mimecast Sync and Recover, Continuity Monitor, and IEP products to Microsoft 365 Exchange Web Services has been compromised by a sophisticated threat actor. Oliver Tavakoli, CTO, says that all of the organization’s digital certificates (ones the organization owns and has private keys for) should be destroyed and recreated in this instance.