Sharepoint vulnerability exploited in the wild

The CVE-2019-0604 (Sharepoint) exploit and what you need to know
AT&T Alien Labs has seen a number of reports of active exploitation of a vulnerability in Microsoft Sharepoint (CVE-2019-0604).
One report by the Saudi Cyber Security Centre appears to be primarily targeted at organisations within the kingdom.
An earlier report by the Canadian Cyber Security Centre identified similar deployment of the tiny China Chopper web-shell to gain an initial foothold.
AT&T Alien Labs has identified malware that is likely an earlier version of the second-stage malware deployed in the Saudi Intrusions:
This malware sample was shared by a target in China. The malware receives commands encrypted with AES at http://$SERVER/Temporary_Listen_Addresses/SMSSERVICE – and has the ability to:
Execute commands; and
Download and upload files
It’s likely multiple attackers are now using the exploit. One user on Twitter has…

Posted by: Chris Doman

Read full post

       

The post Sharepoint vulnerability exploited in the wild appeared first on Cybersecurity Insiders.

July 03, 2019 at 09:09AM

Posted in: Cyber Security, Cybersecurity Insiders, Hacking, Hacking Articles, Hacking News, Security