New SharePoint Hacks Evade Audit Logs, Microsoft Yet to Patch Vulnerabilities
April 10, 2024
Security researchers discovered two new methods to extract files from SharePoint without triggering download events or audit logs.
Microsoft has acknowledged the vulnerabilities but classifies them as moderate and has not yet issued a patch.
The 'Open in App Method' and 'SkyDriveSync User-Agent' are the techniques used to stealthily copy SharePoint files.
Varonis emphasizes the importance of monitoring SharePoint and OneDrive access events to detect potential unauthorized activities.
Organizations are advised to proactively bolster their security measures in response to these unpatched vulnerabilities.
Summary based on 3 sources
Get a daily email with more Tech stories
Sources

TechRadar pro • Apr 10, 2024
SharePoint security flaw helps criminals evade detection
The Register • Apr 10, 2024
SharePoint logs are easily circumvented and Microsoft is dragging its heels
Help Net Security • Apr 10, 2024
New covert SharePoint data exfiltration techniques revealed - Help Net Security