Search cyberveille.decio.ch

Found 4 bookmarks

Custom sorting

File hosting services misused for identity phishing

Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities, and include business email compromise (BEC) attacks.

#microsoft #EN #2024 #File #hosting #SharePoint #OneDrive #Dropbox #social-engineering #identity #phishing #research

·microsoft.com·Oct 9, 2024

File hosting services misused for identity phishing

Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud

Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that I found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun t

#zerodayinitiative #EN #2024 #SharePoint #XML #eXternal #vulnerability #CVE-2024-30043

·zerodayinitiative.com·May 31, 2024

Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability impacting Microsoft SharePoint Server to its

#redpacketsecurity #EN #2024 #CISA #Microsoft #SharePoint #CVE-2023-29357

·redpacketsecurity.com·Jan 12, 2024

Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability

SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) | STAR Labs

Brief I may have achieved successful exploitation of a SharePoint target during Pwn2Own Vancouver 2023. While the live demonstration lasted only approximately 30 seconds, it is noteworthy that the process of discovering and crafting the exploit chain consumed nearly a year of meticulous effort and research to complete the full exploit chain. This exploit chain leverages two vulnerabilities to achieve pre-auth remote code execution (RCE) on the SharePoint server: Authentication Bypass – An unauthenticated attacker can impersonate as any SharePoint user by spoofing valid JSON Web Tokens (JWTs), using the none signing algorithm to subvert signature validation checks when verifying JWT tokens used for OAuth authentication.

#starlabs.sg #EN #2023 #CVE-2023–29357 #SharePoint #CVE-2023–24955

·starlabs.sg·Jan 12, 2024

SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) | STAR Labs