Security researchers discovered two unrelated cyber-threat campaigns targeting Microsoft SharePoint: one using phishing and the other exploiting a remote code execution (RCE) vulnerability. The first campaign likely focused on mass targeting for maximum impact, sending phishing email recipients to a malicious webpage that prompted them to enter credentials into a purported SharePoint document. The second campaign, orchestrated by a ransomware group, occurred despite Microsoft’s release of a patch for the RCE flaw in March 2019. Last year the flaw was also exploited, by Iranian nation-state threat actors taking advantage of unpatched servers, according to Microsoft. As long as older vulnerabilities remain unaddressed and users remain susceptible to phishing, these types of campaigns will probably continue to crop up into the long-term future (beyond one year).

×
Want these
Threat Intelligence reports sent straight to your inbox?
Subscribe below!
Thank you!
Error - something went wrong!
Most Recent Flipbooks
Weekly Intelligence Summary 21 October
Main story: Ransom Cartel and REvil: Partners in cybercrime?
Weekly Intelligence Summary 14 Oct
Main story: Hacktivists fan flames of Iranian anti-regime protests
Weekly Intelligence Summary 07 Oct
Main story: ProxyNotShell spells déjà vu for MS Exchange Server defenders
Weekly Intelligence Summary 30 Sept
Main story: Rogue ex-developer leaks LockBit 3.0 builder
Weekly Intelligence Summary 23 Sept
Main story: Uber compromised by Lapsus$'s resurgence
Weekly Intelligence Summary 16 Sept
Main story: Cyber attacks shock the Italian energy sector
Weekly Intelligence Summary 09 Sept
Main story: Back to school for students and ransomware groups