Last week, researchers identified a vulnerability in a Microsoft 365 feature that could open a new window for hackers
The vulnerability is based on a four-stage chainattacks that begin with the compromise of the user's identity. For example, user accounts can be compromised through brute-force or phishing attacks, improper authorization through third-party applications, or user session hijacking.
The attacker then uses the credentialsperson to access their SharePoint or OneDrive accounts. There, the versioning setting is changed to then encrypt the files multiple times so that no unencrypted versions of the compromised files remain. Once files are encrypted, they can only be accessed with the correct keys, which can be costly.
Versioning is a feature in SharePoint and OneDrive that creates a record for each file, logging all changes to a document and the users who made those changes.
Users with appropriate permissionscan view, delete, or restore previous versions of a document. The number of versions to keep is determined by the version settings in the application. These version settings do not require administrator rights and are therefore easy for hackers to change.
The key to this exploit is to changethe number of document versions stored. The attacker tweaks the version settings to keep only the desired number of versions for each file. The files are then encrypted more times than the number of versions saved, leaving no backups that can be restored.
Read more
Quantum simulator showed the division of an electron into parts in one-dimensional space
Physicists have created an atomic laser that can work forever
Two planets found not far from Earth that are very similar to ours