Microsoft SharePoint server vulnerability puts an estimated 10,000 organizations at risk

A major zero-day security vulnerability in Microsoft's widely used SharePoint server software has been exploited by hackers, causing chaos within businesses and government agencies, multiple outlets have reported. Microsoft announced that it had released a new security patch "to mitigate active attacks targeting on-premises [and not online] servers," but the breach has already affected universities, energy companies, federal and state agencies and telecommunications firms.

The SharePoint flaw is a serious one, allowing hackers to access file systems and internal configurations, or even execute code to completely take over systems. The flaw could put more than 10,000 companies at risk, cybersecurity company Censys told The Washington Post. "It's a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well." Google's Threat Intelligence Group added that the flaw allows "persistent, unauthenticated access that can bypass future patching."

The US Cybersecurity and Infrastructure Security Agency (CISA) said that any servers affected by the exploit should be disconnected from the internet until a full patch arrives. It added that the impact of the attacks is still being probed.

The vulnerability was first spotted by Eye Security, which said the flaw allows hackers to access SharePoint servers and steal keys in order to impersonate users or services. "Because SharePoint often connects to core services like Outlook, Teams, and OneDrive, a breach can quickly lead to data theft, password harvesting, and lateral movement across the network," Eye Security wrote in a blog post.

The FBI is aware of the attack and is working closely with government and private sector partners. It's not immediately clear which groups are behind the zero-day hacks. In any case, the attack is liable to put Microsoft under the microscope again. A 2023 breach of Exchange Online mailboxes led the White House's Cyber Safety Review Board to declare that Microsoft's security culture was "inadequate." 

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/microsoft-sharepoint-server-vulnerability-puts-an-estimated-10000-organizations-at-risk-120006463.html?src=rss
Created 1d | 21.07.2025, 14:20:52

