Search cyberveille.decio.ch

Found 3 bookmarks

Custom sorting

File hosting services misused for identity phishing

Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.

#microsoft #EN #2024 #File #hosting #SharePoint #OneDrive #Dropbox #social-engineering #identity #phishing #research

·microsoft.com·Oct 9, 2024

File hosting services misused for identity phishing

Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud

Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that I found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun t

#zerodayinitiative #EN #2024 #SharePoint #XML #eXternal #vulnerability #CVE-2024-30043

·zerodayinitiative.com·May 31, 2024

Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its

#redpacketsecurity #EN #2024 #CISA #Microsoft #SharePoint #CVE-2023-29357

·redpacketsecurity.com·Jan 12, 2024

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability