• Microsoft SharePoint flaw exploited to hack corporate networks

    From TechnologyDaily@1337:1/100 to All on Monday, November 04, 2024 14:15:05
    Microsoft SharePoint flaw exploited to hack corporate networks

    Date:
    Mon, 04 Nov 2024 14:02:00 +0000

    Description:
    Hackers planned for weeks, mapping out the network and stealing credentials using SharePoint.

    FULL STORY ======================================================================

    Hackers were spotted abusing a high-severity vulnerability in Microsoft SharePoint to gain access to corporate IT infrastructure.

    A report from cybersecurity researchers Rapid7 revealed how unnamed cybercriminals leveraged a flaw tracked as CVE-2024-38094 to establish
    initial access on the target's network.

    This is a remote code execution (RCE) flaw in SharePoint, Microsoft's
    web-based platform for collaboration and document management. It has a severity score of 7.2 and was fixed in mid-July 2024 as part of a Patch Tuesday cumulative update.

    The vulnerability allowed the crooks to access the network, where they
    dwelled for two weeks.

    During that time, they used a Fast Reverse Proxy to establish an outbound connection, ran Active Directory (AD) enumeration tools, and engaged in credential dumping via multiple tools such as NTDSUtil and Mimikatz.

    Finally, they installed a Chinese antivirus solution to degrade, or disable, security tools on systems.

    "This involved the service account installing the Horoung Antivirus (AV) software, which was not an authorized software in the environment," the researchers said in the blog post.

    "For context, Horoung Antivirus is a popular AV software in China that can be installed from Microsoft Store. Most notably, the installation of Horoung caused a conflict with active security products on the system. This resulted in a crash of these services. Stopping the system's current security solutions allowed the attacker freedom to pursue follow-on objectives thus relating
    this malicious activity to Impairing Defenses."
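
    One way to hunt for the post-exploitation activity described above, added here as an example and not taken from the article or the Rapid7 report: it matches process-creation events against the tooling named (Fast Reverse Proxy, NTDSUtil, Mimikatz), flags a service account launching a binary outside an allowlist, and escalates hosts that hit two or more rules. The event field names, the `svc_` naming convention, the allowlist and the sample events are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns for the tooling named in the article (assumed; tune per environment).
RULES = {
    "reverse_proxy_frp": re.compile(r"\bfrp[cs](\.exe)?\b", re.I),
    "ntds_dump_ntdsutil": re.compile(r"\bntdsutil(\.exe)?\b.*\b(ifm|ntds)\b", re.I),
    "credential_dump_mimikatz": re.compile(r"mimikatz|sekurlsa::|lsadump::", re.I),
}
SERVICE_ACCOUNT = re.compile(r"\\svc_", re.I)        # assumed naming convention
APPROVED_FOR_SERVICE = {"w3wp.exe", "owstimer.exe"}  # assumed allowlist

# Constructed process-creation events (hypothetical hosts, users and paths).
EVENTS = [
    {"host": "SP01", "user": r"CORP\svc_sharepoint", "image": r"C:\Windows\System32\inetsrv\w3wp.exe", "cmd": "w3wp.exe -ap SharePoint"},
    {"host": "SP01", "user": r"CORP\svc_sharepoint", "image": r"C:\ProgramData\frpc.exe", "cmd": "frpc.exe -c frpc.ini"},
    {"host": "SP01", "user": r"CORP\svc_sharepoint", "image": r"C:\Users\Public\av_setup.exe", "cmd": "av_setup.exe /S"},
    {"host": "DC01", "user": r"CORP\admin1", "image": r"C:\Windows\System32\ntdsutil.exe", "cmd": r'ntdsutil "ac i ntds" "ifm" "create full c:\temp" q q'},
    {"host": "DC01", "user": r"CORP\admin1", "image": r"C:\Temp\m.exe", "cmd": 'm.exe "sekurlsa::logonpasswords" exit'},
    {"host": "DC02", "user": r"CORP\dc_admin", "image": r"C:\Windows\System32\ntdsutil.exe", "cmd": 'ntdsutil "ac i ntds" "ifm" q q'},
]

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def match_event(ev):
    """Return the names of all rules that a single process-creation event hits."""
    text = f'{ev["image"]} {ev["cmd"]}'
    hits = [name for name, rx in RULES.items() if rx.search(text)]
    if SERVICE_ACCOUNT.search(ev["user"]) and basename(ev["image"]) not in APPROVED_FOR_SERVICE:
        hits.append("unapproved_binary_by_service_account")
    return hits

def triage(events, threshold=2):
    """Group hits per host; hosts with >= threshold distinct rules are escalated."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]].update(match_event(ev))
    return {h: sorted(r) for h, r in per_host.items() if len(r) >= threshold}

if __name__ == "__main__":
    print(triage(EVENTS))
```

    A single rule hit, such as an administrator running NTDSUtil on one domain controller, stays below the threshold here; it still deserves review but is not escalated by itself.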

    In the meantime, the US Cybersecurity and Infrastructure Security Agency (CISA) added the RCE flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving federal agencies a tight deadline to address the flaw, or
    stop using SharePoint entirely.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-sharepoint-flaw-exploited-to-hack-corporate-networks


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)