Security News

Phishing scam uses Sharepoint and One Note to go after passwords
2020-09-02 14:03

The Sharepoint link you're expected to click to access the One Note file does look suspicious because there's no clear connection between the sender's company and the location of the One Note lure. It's only at this stage that the crooks present their call-to-action link - the click that they didn't want to put directly ino the original email, where it would have stood out more obviously as a phishing scam.

Week in review: PoC for wormable SharePoint RCE released, how to select a DMARC solution
2020-07-26 08:00

Details and PoC for critical SharePoint RCE flaw releasedA "Wormable" remote code execution flaw in the Windows DNS Server service temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, a RCE affecting Microsoft SharePoint, was also singled out as critical and requiring a speedy fix. Microsoft releases new encryption, data security enterprise toolsMicrosoft has released several new enterprise security offerings to help companies meet the challenges of remote work.

PoC Released for Critical Vulnerability Exposing SharePoint Servers to Attacks
2020-07-22 18:28

Tracked as CVE-2020-1147 and considered critical severity, the bug occurs when the software doesn't check the source markup of XML file input. "The vulnerability is found in the DataSet and DataTable types which are.NET components used to manage data sets," the software giant revealed in an advisory published last week.

Details and PoC for critical SharePoint RCE flaw released
2020-07-21 09:57

Last week, a "Wormable" remote code execution flaw in the Windows DNS Server service temporarily overshadowed all the other flaws patched by Microsoft on July 2020 Patch Tuesday, but CVE-2020-1147, a RCE affecting Microsoft SharePoint, was also singled out as critical and requiring a speedy fix. Implementing the offered security updates has since become even more urgent, as more exploitation details and a PoC have been released on Monday.

Attackers Claim Identity of Financial NGO to Steal Sharepoint, Office Credentials
2020-05-06 13:05

A new phishing campaign is targeting investment brokers with fraudulent emails aimed at stealing their Microsoft SharePoint and Office credentials, by invoking the identity of a credible financial regulatory organization. The "Widespread, ongoing phishing campaign" is using emails that claim to be from specific officers at the Financial Industry Regulatory Authority, in an attempt to direct investment brokers to give up their Microsoft Office or SharePoint passwords, according to a post on the organization's website.

Phishers target investment brokers, aim for Office, SharePoint login credentials
2020-05-05 09:47

Phishers are trying to trick investment brokers into sharing their Microsoft Office or SharePoint login credentials by impersonating FINRA, a non-governmental organization that regulates member brokerage firms and exchange markets. Phishers target investment brokers with malicious emails.

UN hacked via unpatched SharePoint server
2020-01-31 13:04

The UN suffered a major data breach last year after it failed to patch a Microsoft SharePoint server, it emerged this week. According to the outlet, internal UN staffers announced the compromise on 30 August 2019, explaining that the "Entire domain" was probably compromised by an attacker who was lurking on the UN's networks.

U.N. Hack Stemmed From Microsoft SharePoint Flaw
2020-01-30 16:02

According to the confidential document, at least 42 U.N. servers were compromised in Geneva and Vienna, potentially exposing staff personnel data and sensitive documents for other organizations collaborating with the U.N. "Although it is unclear what documents and data the hackers obtained in the 2019 incident, the report implies that internal documents, databases, emails, commercial information and personal data may have been available to the intruders - sensitive data that could have far-reaching repercussions for staff, individuals and organisations communicating with and doing business with the U.N.," Ben Parker, with The New Humanitarian, said on Wednesday. Servers in three separate locations were compromised: the U.N. office at Vienna; the U.N. office at Geneva; and the U.N. Office of the High Commissioner for Human Rights headquarters, also in Geneva.

UN hacked: Attackers got in via SharePoint vulnerability
2020-01-30 13:49

The UN did not share that discovery with the authorities, the public, or even the potentially affected staff, and we now know about it only because TNH reporters got their hands on a confidential report by the UN. How was the UN hacked? According to the report, the attack started in July 2019, when the attackers managed to compromise a server located at the UN Office in Vienna through CVE-2019-0604, a security hole in Microsoft SharePoint patched by Microsoft in February 2019 and subsequently widely exploited by attackers to hit a variety of targets worldwide.

UN didn't patch SharePoint, covered up massive hack of multiple key systems – and kept most staff in the dark
2020-01-29 22:39

The United Nations' European headquarters in Geneva and Vienna were hacked last summer, putting thousands of staff records at miscreants' fingertips. Despite the size and extent of the hack, the UN decided to keep it secret.