New SharePoint Hacks Evade Audit Logs, Microsoft Yet to Patch Vulnerabilities
April 11, 2024![New SharePoint Hacks Evade Audit Logs, Microsoft Yet to Patch Vulnerabilities](https://cdn.brief.news/images/stories/b039a2c8310d0c922636bb291b565262ab04970cf0f446108573ccf7eda36c48a1a5a6e5c10ba376468a58997766fe72042f4743f2121c3238970f60ec8661b2.jpg)
Security researchers discovered two new methods to extract files from SharePoint without triggering download events or audit logs.
Microsoft has acknowledged the vulnerabilities but classifies them as moderate and has not yet issued a patch.
The 'Open in App Method' and 'SkyDriveSync User-Agent' are the techniques used to stealthily copy SharePoint files.
Varonis emphasizes the importance of monitoring SharePoint and OneDrive access events to detect potential unauthorized activities.
Organizations are advised to proactively bolster their security measures in response to these unpatched vulnerabilities.
Summary based on 3 sources
Get a daily email with more Tech stories
Sources
![SharePoint security flaw helps criminals evade detection](https://cdn.brief.news/images/links/b039a2c8310d0c922636bb291b565262ab04970cf0f446108573ccf7eda36c48a1a5a6e5c10ba376468a58997766fe72042f4743f2121c3238970f60ec8661b2.jpg)
TechRadar pro • Apr 10, 2024
SharePoint security flaw helps criminals evade detection![SharePoint logs are easily circumvented and Microsoft is dragging its heels](https://cdn.brief.news/images/links/41d8e72d99e07827d8ba8b5445de530c49b43af94eee62876d5563257ef53dc6aa9a242a043b449d667b8849f1c5b66f1e51c816a45b083ba5e789fa0c59a802.jpg)
The Register • Apr 10, 2024
SharePoint logs are easily circumvented and Microsoft is dragging its heels![New covert SharePoint data exfiltration techniques revealed - Help Net Security](https://cdn.brief.news/images/links/42d90ad42d9bd84e25b46568bde6775a4d05bd813bd1a2237499ce0091ae4217a4fb03d413a7d6e1289dbfb7eb18579a77cd258eb0a68f56a5e5453cd378634e.png)
Help Net Security • Apr 10, 2024
New covert SharePoint data exfiltration techniques revealed - Help Net Security