Security News

Microsoft 365 outage blocks access to OneDrive, SharePoint files
2021-11-02 16:08

A Microsoft 365 outage prevents access to files, such as Excel documents, stored on the SharePoint Online, OneDrive, Office, and Microsoft Teams cloud storage services. The outage started at approximately 11:40 AM EST, with admins and users reporting on social media that they could not open files stored on OneDrive or SharePoint.

Phishing Campaign Dangles SharePoint File-Shares
2021-08-04 14:44

Attackers are using spoofed sender addresses and Microsoft SharePoint lures in a new phishing campaign that is "Sneakier than usual" and can slip through the usual security protections in its aim to fool people into giving up their credentials, Microsoft researchers discovered. Microsoft Security Intelligence researchers discovered the campaign targeting organizations that use Microsoft Office 365 by using the file-sharing aspect of SharePoint, they revealed in a tweet on Tuesday.

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware Attacks
2021-04-28 19:00

SharePoint servers are being picked at with high-risk, legitimate-looking, branded phish messages and preyed on by a ransomware gang using an old bug. The phish is targeting Office 365 users with a legitimate-looking SharePoint document that claims to urgently need an email signature.

Mysterious bug is deleting Microsoft Teams, SharePoint files
2021-03-18 20:18

Microsoft SharePoint and Microsoft Teams users report files are missing or moved to the Recycle Bin after the recent Azure Active Directory outage this week. Since Tuesday, BleepingComputer has spoken to numerous Microsoft SharePoint administrators bombarded with client calls about missing files in their SharePoint folders.

Mysterious bug is deleting Microsoft SharePoint, Teams files
2021-03-18 20:18

Microsoft SharePoint and Microsoft Teams users report files are missing or moved to the Recycle Bin after the recent Azure Active Directory outage this week. Since Tuesday, BleepingComputer has spoken to numerous Microsoft SharePoint administrators bombarded with client calls about missing files in their SharePoint folders.

Microsoft Office February security updates patch Sharepoint, Excel RCE bugs
2021-02-10 14:28

Microsoft has addressed important severity remote code execution vulnerabilities affecting multiple Office products in the January 2021 Office security updates. Microsoft also released non-security Office updates last week addressing bugs that may lead to PowerPoint crashes and other issues affecting Windows Installer editions of Office 2016, Office 2013, and Office 2010 products.

LogoKit Simplifies Office 365, SharePoint ‘Login’ Phishing Pages
2021-01-28 16:46

A newly-uncovered phishing kit, dubbed LogoKit, eliminates headaches for cybercriminals by automatically pulling victims' company logos onto the phishing login page. These targeted services range from generic login portals to false SharePoint, Adobe Document Cloud, OneDrive, Office 365, and cryptocurrency exchange login portals.

Microsoft Office security updates fix critical SharePoint RCE bugs
2020-12-11 12:39

Microsoft has addressed critical remote code execution vulnerabilities in multiple SharePoint versions with this month's Office security updates. Redmond also issued the December 2020 Patch Tuesday security updates, with security updates for 58 vulnerabilities, nine of them rated as Critical.

Microsoft Patches Critical SharePoint, Exchange Security Holes
2020-12-08 18:52

Microsoft's final batch of security patches for 2020 shipped today with fixes for at least 58 documented vulnerabilities affecting a wide range of OS and software products. The December security updates include fixes for code execution vulnerabilities in the company's flagship Windows operating system and serious problems in Microsoft Sharepoint, Microsoft Exchange, HyperV, and a Kerberos security feature bypass.

UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug
2020-10-16 14:42

NCSC, the cybersecurity arm of the UK's GCHQ intelligence service, urges organizations to make sure that all Microsoft SharePoint products in their environments are patched against CVE-2020-16952 to block takeover attempts. The server-side include vulnerability was reported by information security specialist Steven Seeley of Qihoo 360 Vulcan Team who found that it affects Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Foundation 2013 Service Pack 1, and Microsoft SharePoint Server 2019.