A major zero-day security vulnerability in Microsoft's widely used SharePoint server software has been exploited by hackers, causing chaos within businesses and government agencies, multiple outlets have reported. Microsoft announced that it had released a new security patch "to mitigate active attacks targeting on-premises [and not online] servers," but the breach has already effected universities, energy companies, federal and state agencies and telecommunications firms.
The SharePoint flaw is a serious one, allowing hackers to access file systems and internal configurations or even execute code, to completely take over systems. The flaw could put more than 10,000 companies at risk, Cybersecurity company Censys told The Washington Post. "It's a dream for ransomeware operators, and a lot of attackers are going to be working this weekend as well." Google's Threat Intelligence Group added that the flaw allows "persistent, unauthenticated access that can bypass future patching."
The US Cybersecurity and Infrastucture Security agency (CISA) said that any servers affected by the exploit should be disconnected from the internet until a full patch arrives. It added that the impact of the attacks is still being probed.
The vulnerability was first spotted by Eye Security, which said the flaw allows hackers to access SharePoint servers and steal keys in order to impersonate users or services. "Because SharePoint often connects to core services like Outlook, Teams, and OneDrive, a breach can quickly lead to data theft, password harvesting, and lateral movement across the network," Eye Security wrote in a blog post.
The FBI is aware of the attack and is working closely with government and private sector partners. It's not immediately clear which groups are behind the zero-day hacks. In any case, the attack is liable to put Microsoft under the microscope again. A 2023 breach of Exchange Online mailboxes led the White House's Cyber Safety Review Board to declare that Microsoft's security culture was "inadequate."
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/microsoft-sharepoint-server-vulnerability-puts-an-estimated-10000-organizations-at-risk-120006463.html?src=rss https://www.engadget.com/cybersecurity/microsoft-sharepoint-server-vulnerability-puts-an-estimated-10000-organizations-at-risk-120006463.html?src=rssJelentkezéshez jelentkezzen be
EGYÉB POSTS Ebben a csoportban
The British government has announced plans to m
Amazon's latest move in the AI space is an acquisition. The company is purchasing a startup called Bee, which makes a wearable and an Apple Watch app that can record everything the wearer says. Ama
Welcome to Video Games Weekly on Engadget. Expect a new story every Monday or Tuesday, broken into two parts. The first is a space for short essays and ramblings about video game trends and rel
Lucid EV owners will soon have full
Switch 2 owners won't have long to wait for
