New SharePoint Hacks Evade Audit Logs, Microsoft Yet to Patch Vulnerabilities

April 11, 2024
New SharePoint Hacks Evade Audit Logs, Microsoft Yet to Patch Vulnerabilities
  • Security researchers discovered two new methods to extract files from SharePoint without triggering download events or audit logs.

  • Microsoft has acknowledged the vulnerabilities but classifies them as moderate and has not yet issued a patch.

  • The 'Open in App Method' and 'SkyDriveSync User-Agent' are the techniques used to stealthily copy SharePoint files.

  • Varonis emphasizes the importance of monitoring SharePoint and OneDrive access events to detect potential unauthorized activities.

  • Organizations are advised to proactively bolster their security measures in response to these unpatched vulnerabilities.

Summary based on 3 sources


Get a daily email with more Tech stories

Related Stories