Christian Garner

Microsoft Strikes Again: Urgent Vulnerability Actively Exploited Globally in SharePoint

Is your business using Microsoft SharePoint? A new "zero-day" hack is another in a series of major security blunders from Microsoft. Find out if you're at risk and what to do about it in our latest analysis.

#SharePointHack #MicrosoftSecurity #Vulnerability #CyberAttack

Urgent Security Alert: A Flaw in Microsoft SharePoint Puts Thousands of Organizations at Risk

A newly discovered, serious security flaw in a popular Microsoft product is being used by hackers to attack organizations around the world. The vulnerability is in Microsoft SharePoint, a tool many businesses use to share and manage documents. Here’s a simple breakdown of what’s happening and what you need to do to stay safe.

What is the Threat?

Think of your company's computer server as a secure building. Hackers have found a brand-new, unguarded door in servers that run a specific version of Microsoft SharePoint. This isn't just a minor issue; this flaw allows attackers to get inside, take control of the server, read, copy, or delete sensitive files, and potentially use that access to cause further damage across your network.

Because this flaw was unknown to Microsoft until the attacks started, there was no pre-built defense, making the threat particularly dangerous.

Is Your Organization at Risk?

This security flaw affects organizations that run their own on-premises SharePoint servers. In simple terms, if your company has its own physical servers in your office or data center running SharePoint, you are likely at risk.

The good news is that cloud-based services like SharePoint Online (part of Microsoft 365 or Office 365) are not affected.

The attacks seem to be widespread and random, hitting thousands of organizations of all sizes, from government agencies to small businesses.

What You Need to Do Immediately

Microsoft has released security fixes, but it's crucial to act fast. Here are the most important steps to take:

  1. Update Immediately: Your IT department needs to install the latest security updates from Microsoft as soon as possible. This will patch the vulnerability and close the "unguarded door" the hackers are using.

  2. Ensure Security Tools are Active: Microsoft provides built-in security tools like the Antimalware Scan Interface (AMSI) and Microsoft Defender. Your IT team should ensure these features are turned on and running correctly on your SharePoint servers.

  3. Change the Locks (A Crucial Step!): Even after installing the update, you're not done. Think of it like this: even after fixing the door, someone might have already made a copy of the key. Your IT team must "change the digital locks" on the server to ensure any hackers who previously got in are kicked out for good. Simply installing the update is not enough.

  4. Consider Disconnecting: If for some reason your organization cannot apply the updates right away, the safest course of action is to temporarily disconnect your SharePoint server from the internet to prevent an attack.

This is a serious and active threat. If you are unsure whether your organization is affected or how to perform these steps, we strongly urge you to take action now.

 

Microsoft: A History of Blunders

This SharePoint vulnerability is not an isolated incident. It's the latest in a series of security failures and questionable decisions that have raised serious concerns about Microsoft's priorities and security culture.

In April 2024, a U.S. Cyber Safety Review Board report declared that a 2023 breach of Microsoft's cloud email, which compromised the accounts of U.S. government officials, "was preventable and should never have occurred." The board concluded that Microsoft's "security culture was inadequate and requires an overhaul." That attack was attributed to a China-linked hacking group.

Adding to these concerns, it was recently revealed that Microsoft had been using engineers based in China to help maintain sensitive cloud computing systems for the U.S. Department of Defense. This practice, which relied on U.S. citizen "digital escorts" with security clearances to oversee the work, was flagged as a major national security risk. The escorts often lacked the technical expertise to verify the code they were implementing, creating a potential opening for espionage. In response to the outcry, the Defense Secretary ordered a review, and Microsoft announced it would immediately stop using China-based engineers for these services.

These events paint a troubling picture. For a company at the heart of the global technology ecosystem, these recurring issues suggest a pattern of prioritizing features and convenience over fundamental security, leaving customers, including government agencies, exposed to significant risks.

 
Monthly Blog Christian Garner

The Monthly Phish Fry: June 2025


Fishing for phish - it’s the Monthly Phish Fry!

Intro:

No, this isn’t a cooking blog where I tell you how to fry up your favorite fishy foods. Trust me, you wouldn’t want that advice from me anyway. Instead, we’ll be serving up security insights ranging from local to global threats, and physical and cyber security topics. On this month’s menu:

 

Hikvision Dome Camera

Canada Bans Hikvision

In a move that mirrors actions taken by the United States and other allied nations, the Canadian government has ordered the shutdown of the Canadian operations of the Chinese state-owned technology manufacturer, Hikvision (also known as Hangzhou Hikvision Digital Technology Co.). The company's surveillance equipment has been a source of growing security concerns in the West.

The ban in Canada follows a 2022 decision by the U.S. Federal Communications Commission (FCC) to ban the sale and import of new communications equipment from five Chinese companies, including Hikvision. The U.S. has cited concerns that the company's products could be used by the Chinese government for surveillance, posing a security risk. This sentiment has been echoed by other countries, leading to a growing list of nations that have implemented full or partial bans on the use of Hikvision technology, particularly in government facilities. These concerns stem from the close ties between the company and the Chinese government, as well as the potential for backdoors in the technology that could allow for unauthorized access to sensitive information.

Takeaway:

I still see these cameras everywhere; usually it’s an older installation on smaller buildings, like retail shops. Yes, these cameras may have been a cheap lifeline a decade ago when those shops needed security. Good on them for moving forward with some form of surveillance system. But it’s time to wake up — we’re in a cold war with China, and saving a buck on their cheap hardware could come at a future cost that I’m not willing to pay.

Do yourself and your fellow Americans a favor and upgrade that ancient system to a more reputable solution.


Mother of All DDoS!

In a stark reminder of the ever-present threat of cyberattacks, Cloudflare recently thwarted a record-breaking 7.3 terabits-per-second (Tbps) Distributed Denial-of-Service (DDoS) attack. This massive assault, aimed at a hosting provider, highlights the critical importance of individual and collective responsibility in securing our network-connected devices. The attack, which was 12% larger than the previous record, consisted largely of a UDP (User Datagram Protocol) flood, a common method for overwhelming a target's servers with a deluge of traffic.

The attack delivered 37.4 TB (terabytes) of data in just 45 seconds. For comparison, this is equivalent to streaming 7,500 hours of HD video… in 45 seconds. Talk about binge-watching…

Data provided by Cloudflare about the attempted attack

The Hidden Danger of Unsecured Devices

The most alarming aspect of such attacks is that they are often carried out by botnets, which are vast networks of compromised devices. These devices, which can include everything from routers and security cameras to smart home gadgets, are often exploited due to weak or default passwords, unpatched vulnerabilities, and a general lack of security awareness. Once infected, these devices become "zombies" in a botnet army, ready to be weaponized for large-scale DDoS attacks, data theft, and other malicious activities. The sheer number of these devices, with an estimated 27 billion IoT devices expected by 2025, creates a massive and readily available pool of resources for cybercriminals.

Taking Ownership of Our Digital Lives

This incident underscores the urgent need for a paradigm shift in how we approach the security of our connected devices. While it may seem like a daunting task, there are several simple yet effective steps that everyone can take to protect themselves and contribute to a more secure digital ecosystem:

  • Change Default Passwords: The first and most crucial step is to change the default passwords on all your devices. Use strong, unique passwords for each device and account.

  • Keep Software Updated: Regularly update the firmware and software on all your devices to ensure they are patched against the latest vulnerabilities.

  • Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring a second form of verification, making it much harder for unauthorized users to access your accounts.

  • Secure Your Wi-Fi Network: Change your router's default settings, use strong encryption (WPA3 is recommended), and create a separate guest network for visitors and less secure IoT devices.

  • Be Mindful of What You Connect: Before connecting a new device to your network, consider its security features and the manufacturer's reputation.

By taking these proactive measures, we can reclaim ownership of our network-connected devices and prevent them from being used as pawns in the escalating cyberwar. It's not just about protecting our own data and privacy; it's about contributing to a safer and more resilient internet for everyone.


 

Shifting Gears to Defense

Image from KTLA.com

In a chaotic scene underscoring a dangerous trend, a South Los Angeles AutoZone was ransacked by a large mob, an incident authorities believe was connected to a nearby street takeover. This marks the second time in a year the same location has been hit in this manner, where the lawless energy of the illegal car rally spilled over into opportunistic crime, causing what police estimate to be hundreds of thousands of dollars in damage and stolen merchandise.

This event is a stark illustration of why target hardening is no longer an optional security measure, but an essential business strategy, especially in environments with predictable risks.

Why Target Hardening is Crucial

Target hardening is the practice of making a location more difficult for criminals to attack. The recent AutoZone looting, where a crowd tore through a metal fence and shattered glass, highlights a critical vulnerability: being a "soft target." In high-energy, mob-mentality situations like a street takeover, the crowd will exploit the path of least resistance. A business that appears difficult to breach is often bypassed for an easier one.

Key target hardening measures that are crucial in these environments include:

  • Reinforced Barriers: Upgrading doors, windows, and fencing is the first line of defense. This can include installing security window films that prevent glass from shattering, roll-down metal security shutters for after-hours protection, and reinforced door frames that can withstand significant force.

  • Access Control: Limiting points of entry and controlling who can get in and out, even during business hours, can deter a mob. While challenging for retail, solutions like controlled-entry door systems can be considered in high-risk locations.

  • Visible Security: The presence of high-quality, visible surveillance cameras and prominent signage advertising an alarm system can act as a psychological deterrent. While it may not stop a determined mob, it can make some participants think twice and aids law enforcement in identifying suspects later.

  • Layered Defenses: No single measure is foolproof. A layered approach combining physical barriers, surveillance, alarms, and a well-rehearsed emergency plan provides the most robust protection. If one layer is breached, the next is already in place to delay criminals and alert authorities.

  • Kick It Up a Notch: If you want to go the extra mile, there are more proactive, advanced solutions such as fog systems, strobes, and sirens that are sure to make perpetrators second-guess why they are there. These systems can avert a break-in altogether, or buy you valuable time as law enforcement arrives.

For businesses in areas prone to volatile events like street takeovers, assuming "it won't happen to me" is a costly gamble. The AutoZone incident is a clear signal that the chaos of these gatherings can quickly escalate, and only by proactively hardening their defenses can businesses protect their property, their employees, and their livelihood from becoming collateral damage.

Source: ktla.com
 

The Moneyball Misplay

Hollywood headlines once again blur with police blotters as Brad Pitt's Los Feliz home was ransacked by a burglary crew, marking yet another high-profile attack on a California luminary. The incident, where three suspects reportedly scaled a fence and smashed a window, is the latest in a string of brazen crimes targeting the rich and famous, leaving many to wonder about a puzzling paradox: why do individuals with immense wealth so often appear to be reactive, rather than proactive, when it comes to their personal security?

This question becomes even more pointed when viewed alongside the recent, horrifically violent home invasion at the Montecito estate of Beanie Babies billionaire Ty Warner. In that case, an intruder broke in, brutally attacked a staff member, and barricaded himself inside while Warner was present.

These incidents highlight a baffling vulnerability. For a fraction of their net worth—the cost of a luxury car or a weekend getaway—these individuals could implement robust, multi-layered security systems. This goes beyond a simple alarm. It means "target hardening": installing shatter-proof windows, reinforced doors, high-tech motion sensors, and, most importantly, a trained and visible security detail.

The reluctance to invest in such proactive measures is a dangerous gamble. It seems to stem from a belief that "it won't happen to me," or perhaps a desire to maintain a sense of normalcy, free from the overt presence of security. But as these repeated and escalating intrusions demonstrate, in today's environment, wealth and fame alone are not deterrents—they are magnets. Without a formidable, visible defense, these sprawling estates are not fortresses, but glittering, soft targets waiting to be hit. The cost of a break-in is no longer just stolen property; it's a violent intrusion that shatters peace of mind and, as seen in the Warner case, can have devastating, life-altering consequences.

Source: ktla.com
Christian Garner

The Latest from Ubiquiti - Protect 6.0

The latest from Ubiquiti - some major software updates released with UniFi Protect 6.0

What’s New:

Ubiquiti is one of the fastest-growing players in the security manufacturing space, highlighted by its license-free business model. This makes the Ubiquiti ecosystem very cost-friendly, and it only gets better from there.

In their latest release, they have implemented some amazing features that put their software on par with some of the biggest manufacturers in the space. Here is the official release from Ubiquiti if you want to check it out:

Ubiquiti’s UniFi Protect 6.0 announcement

If you’re looking for a detailed breakdown, I’ll hit some of the highlights in this article. If you are a visual learner, here’s another great video showing you where and how to access some of these features:

Here Are the Highlights:

  • Spotlights

    • Spotlights allow you to quickly access any new recordings of a specific type. Whether you want to highlight known faces, vehicles, or any new activity, it’s all readily accessible from the spotlights tab. Think of this as an easy and clean way to filter through your latest notifications. You can also set a duration for each spotlight if you don’t want it on indefinitely.

    • AI spotlights require an AI Key. With AI spotlights, you can use plain text to highlight anything within your recordings. Using the example in the above video, he uses “cats” as his spotlight search. Now, anytime a cat is present in the recording, it will be present as a spotlight in the dashboard and readily accessible without any further digging.

  • Dwell Time

    • Under highlights from the live view, you can now toggle dwell time to see how long a person, object, or animal has been present.

Toggle dwell time and other analytics from the UniFi dashboard

Toggle dwell/idle time from the highlights option

  • Smart Object Search

    • Another super-convenient feature that requires the AI Key is the smart object search. Using this, you can easily find footage of a smart detection object. Simply pause the recording when a smart detection is present, click “AI Summary”, and click on the highlighted detection once the scan is complete. This will bring up past footage of that object. Currently, this is only available for people detections, but expect this feature to be available for vehicles in a near-future update.

  • Plain-text Search

    • With the AI Key in the “Find Anything” tab, you can use plain text to search through your recordings. This is one of the better features in the update that really puts Ubiquiti on par with other manufacturers in the space. There are many filters to choose from in the Find Anything tab, but in essence, you can simply search through your recordings using plain language. For instance, if you typed “male wearing a black hoodie and sunglasses,” all recordings fitting that description would appear. You can even search vehicles by brand.

  • Timeline Updates

    • Grid search

      • You can now highlight certain areas within a recording to further define your search. This is great if you have a known location, like a parked vehicle, package, etc., that you need to locate. See the image below for an example.

    • Object Counting

      • Within the “Playback” tab, you can further filter through different detection types within a specified time range. In addition, you can get an exact count of events by time. This is great in a retail setting to track busy times, see how many window shoppers you have via the loitering detection, etc.

    • Multi-cam Playback

      • If you want to scrub through multiple camera recording streams at once, you can now do so, albeit with limited functionality compared to the other options highlighted in this article. To do so, simply click “Multi-Camera Playback” in the dashboard (highlighted by the red arrow below).

Grid search feature in UniFi Protect

  • System Logs

    • System logs now offer a much more granular look at all events across the platform, so much so that you can see, to the second, exactly how long a user viewed a stream. You can further sort through the additional logs via “Devices,” “Users,” and “Categories,” such as detections by type, site activity, admin activity, and more. Essentially, nothing will be missed, making this update one step closer to an enterprise-friendly platform.

Summary:

These are some very powerful updates released with UniFi Protect 6.0! I expect additional functionality to be added in future updates to supplement this impressive software release. If you don’t have an AI Key, this might be the catalyst needed to get one!

See the full press release here.
