New OWA attack steals Outlook passwords

Businesses beware. Security firm Cybereason researchers recently discovered a backdoor in Microsoft’s Outlook Web Application (OWA)  that steals passwords. Dan Godin of Ars Technica reported this morning:

Researchers have uncovered advanced malware that can steal virtually all of a large organization’s e-mail passwords by infecting its Outlook Web Application (OWA) mail server over an extended period of time.