SharePoint Ransomware Attacks

News

Microsoft, SharePoint and Ransomware

Microsoft SharePoint Hackers Switch Gears to Spread Ransomware

Threat actors exploit SharePoint flaws to access internal systems, steal sensitive data, and carry out surveillance, impersonation, and extortion.

The Register on MSN · 4d

Microsoft: SharePoint attacks now officially include ransomware infections

Ransomware has officially entered the Microsoft SharePoint exploitation ring. Late Wednesday, in an update to its earlier warning, Redmond confirmed that a threat group it tracks as Storm-2603 is abusing vulnerable on-premises SharePoint servers to deploy ransomware.

Bleeping Computer · 4d

Microsoft: SharePoint flaws exploited in Warlock ransomware attacks

A China-based hacking group is deploying Warlock ransomware on Microsoft SharePoint servers vulnerable to widespread attacks targeting the recently patched ToolShell zero-day exploit chain.

10h

Microsoft SharePoint Attacks Show Weaknesses of On-Prem Storage vs. Cloud

In the past week, more victims have emerged from the attack on Microsoft’s SharePoint servers in which a Chinese hacking ...

CIO Dive3d

What we know about the Microsoft SharePoint attacks

Researcher Khoa Dinh originally discovered the attack chain, and earlier this month, Code White GmbH was able to reproduce ...

2don MSN

Blame a leak for Microsoft SharePoint attacks, researcher insists

"A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told ...

Microsoft7d

Disrupting active exploitation of on-premises SharePoint vulnerabilities

Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting vulnerabilities ...

4don MSN

Microsoft SharePoint attack now sees victim count rises to 400 organizations, including US nuclear agency

New estimates regarding the recently-exploited Microsoft SharePoint vulnerabilities now evaluate that as many as 400 ...

Threat Post4y

Microsoft Office SharePoint Targeted With High-Risk Phish, Ransomware ...

From there, they’re using Cobalt Strike to pivot to the domain controller and launch ransomware attacks. CVE-2019-0604 is a high-severity CVE that can lead to remote code-execution.

Some results have been hidden because they may be inaccessible to you

Show inaccessible results