Hornetsecurity’s Post

🔄 Ensuring Business Continuity: The Importance of SharePoint Server Backup 🛡️💼 Microsoft SharePoint Server is a vital tool for many organizations, facilitating seamless collaboration and document management. However, ensuring that your SharePoint data is secure and recoverable is paramount. Acronis' latest blog post provides an essential guide to backing up your SharePoint Server. Implementing a robust backup strategy for your SharePoint Server is not just a best practice—it's essential for maintaining your business operations and protecting your valuable data. #SharePoint #DataBackup #BusinessContinuity #Acronis #CyberSecurity #TechStrategy #DataProtection https://hubs.la/Q02Bpf-D0

Researchers have uncovered two methods that could allow attackers to bypass or manipulate audit logs when downloading files from Microsoft SharePoint. SharePoint, a web-based platform integrated with Microsoft Office and 365, is widely used for document management, collaboration, and data storage by companies globally. Due to the sensitive nature of the information stored on SharePoint, many organizations employ auditing to track significant events, such as data downloads - triggering alerts in various security tools like cloud access security, data loss prevention, and SIEM platforms. The first technique exploits SharePoint's "Open in App" feature, which doesn't trigger a typical "FileDownloaded" event but instead generates an "Access" event that may go unnoticed by administrators. This method involves opening files from a cloud location using a non-expiring URL, allowing for silent data exfiltration. The second technique pertains to spoofing the User-Agent string to mimic Microsoft SkyDriveSync, disguising file downloads as data syncing events in the logs. Despite being disclosed in November 2023, these issues were deemed of moderate severity, delaying immediate fixes. SharePoint administrators are advised to remain vigilant and monitor for suspicious access activity, implementing mitigation strategies until patches are released. #ChelseaTech #ChelseaTechnologies #cybercrime #cyberprotection #cyber #cybersecurity #technologysolutions #cyberattack #cyberdefense #cybernews #technologynews #technology #sharepoint #microsoft

15 SharePoint Online Security Best Practices When we set up a site in SharePoint and all our libraries, lists, and documents, everything ends up with site-level permissions by default. And most admins leave it that way, but it's risky! Leaving site-level permissions instead of item-level permissions leaves all our confidential data open for attackers. That's why tweaking SharePoint security settings is essential. Here, we have a handy list of SharePoint Online security best practices organized into two main categories: - Securing SharePoint as an environment. - Securing the data within SharePoint. This list features the most important security settings and helps you stop misusing SharePoint!

Attention SharePoint Users! New Techniques Allow Hackers to Steal Files Undetected Here's the scoop: Researchers found ways for attackers to bypass detection when stealing files from SharePoint. This is concerning because SharePoint stores sensitive data for many businesses. How it works: Hackers can exploit two methods: "Open in App" Feature: This lets users open files with desktop programs, but it doesn't trigger a download event in the logs, making it look harmless. Spoofed User-Agent: Attackers can disguise themselves as a legitimate service (Microsoft SkyDriveSync) to mask file downloads as syncing activity. What to do: Be Aware: SharePoint admins need to be aware of these techniques until official security patches are released. Monitor Activity: Watch for unusual access attempts, like a surge of activity in a short time or new devices from strange locations. Review Sync Events: Scrutinize data synchronization events for suspicious patterns or unexpected data volumes. Stay vigilant! By following these steps, you can help prevent attackers from stealing your sensitive data. #CyberSecurity https://lnkd.in/gkrcWA3X

SharePoint event logs can already be challenging to translate definitively into "this action was taken by the user at this time stamp". This just makes it even harder to rely on that log data to provide definitive answers about what was or was not accessed/downloaded/modified.

📣 Flaw in SharePoint helps hackers evade detection when stealing files 📣 Researchers at Varonis Threat Labs have found two methods that could allow attackers to bypass or lessen the severity of audit logs when downloading files from SharePoint. 1️⃣ Open in App Exploit: The “Open in App” feature, which opens documents in applications like Microsoft Word, creates an “Access” event instead of a “FileDownloaded” event, potentially going unnoticed by administrators. 2️⃣ User-Agent Spoofing: By spoofing the User-Agent string to resemble Microsoft SkyDriveSync, file downloads can appear as data syncing events, reducing the chance of detection by security teams. 👉 Varonis recommends monitoring for unusual access activity and scrutinizing sync events for anomalies until Microsoft addresses these moderate-severity issues. #cybersecurity #news #vulnerability #sharepoint

New covert SharePoint data exfiltration techniques revealed: Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data loss prevention, and SIEMs, by hiding downloads as less suspicious access and sync events,” they noted. The techniques, and why they may work Microsoft SharePoint is used by organizations to facilitate employee collaboration, … More → The post New covert SharePoint data exfiltration techniques revealed appeared first on Help Net Security.

Sidestepping SharePoint Security: Sidestepping Detection While Exfiltrating SharePoint Data: Best Practices for Secure Information Transfer As a security-conscious SharePoint user, it’s crucial to understand the latest vulnerabilities in the system. Two new techniques have been identified that allow stealthy data removal without triggering the usual detection mechanisms. One approach manipulates SharePoint’s “open in app” feature to download files […] The post Sidestepping SharePoint Security appeared first on TruTech. #Uncategorized

Sidestepping SharePoint Security: Sidestepping Detection While Exfiltrating SharePoint Data: Best Practices for Secure Information Transfer As a security-conscious SharePoint user, it’s crucial to understand the latest vulnerabilities in the system. Two new techniques have been identified that allow stealthy data removal without triggering the usual detection mechanisms. One approach manipulates SharePoint’s “open in app” feature to download files […] #TechnologyInsights

Researchers at Varonis Threat Labs have uncovered two techniques that could compromise audit logs and create less severe entries when downloading files from Microsoft SharePoint. Due to the sensitivity of SharePoint data, companies often audit events like file downloads to trigger alerts in security tools. However, exploiting the "Open in App" feature or spoofing User-Agent strings can circumvent these safeguards. While Microsoft has acknowledged the issues, immediate fixes aren't expected. Until then, SharePoint admins should remain vigilant and monitor for suspicious activity, such as high volumes of access or unusual device introductions. Varonis recommends proactive monitoring and scrutiny of sync events to detect anomalies, helping organizations stay ahead of potential data exfiltration risks. #DataSecurity #SharePoint #CyberSecurity #VaronisThreatLabs #Microsoft