Security researchers discovered two unrelated cyber-threat campaigns targeting Microsoft SharePoint: one using phishing and the other exploiting a remote code execution (RCE) vulnerability. The first campaign likely focused on mass targeting for maximum impact, sending phishing email recipients to a malicious webpage that prompted them to enter credentials into a purported SharePoint document. The second campaign, orchestrated by a ransomware group, occurred despite Microsoft’s release of a patch for the RCE flaw in March 2019. Last year the flaw was also exploited, by Iranian nation-state threat actors taking advantage of unpatched servers, according to Microsoft. As long as older vulnerabilities remain unaddressed and users remain susceptible to phishing, these types of campaigns will probably continue to crop up into the long-term future (beyond one year).
Most Recent Flipbooks
Main story: Ransom Cartel and REvil: Partners in cybercrime?
Main story: Hacktivists fan flames of Iranian anti-regime protests
Main story: ProxyNotShell spells déjà vu for MS Exchange Server defenders
Main story: Rogue ex-developer leaks LockBit 3.0 builder
Main story: Uber compromised by Lapsus$'s resurgence
Main story: Cyber attacks shock the Italian energy sector
Main story: Back to school for students and ransomware groups