Connect with us

Tech

Proofpoint identifies Microsoft 365 functionality that opens new cloud-based attack vectors

Published

on

Proofpoint identifies Microsoft 365 functionality that opens new cloud-based attack vectors

Why it matters: Cybersecurity firm Proofpoint recently released vulnerability findings related to two popular enterprise cloud applications, SharePoint Online and OneDrive. The firm’s findings explained how bad actors can leverage basic functionality in the applications to encrypt and hold a user’s files and data for ransom. The vulnerability presents hackers with another avenue to attack cloud-based data and infrastructure.

The exploit relies on a four-step attack chain that begins with a specific user’s identity being compromised. The malicious actor uses the individual’s credentials to access a user’s SharePoint or OneDrive accounts, change versioning settings, and then encrypts the files multiple times, leaving no unencrypted version of the compromised files. Once encrypted, the files can only be accessed using the right decryption keys.

User accounts can be compromised by brute force or phishing attacks, improper authorization via third party OAuth apps, or hijacked user sessions. Once compromised, any action to exploit the vulnerability can be scripted to run automatically via application program interfaces (APIs), Windows PowerShell, or through the command line interface (CLI).

Versioning is a function in SharePoint and OneDrive that creates a historic record for each file, logging any document changes and the user(s) who made those changes. Users with appropriate permissions can then view, delete, or even restore earlier versions of the document. The number of versions kept is determined by the versioning settings in the application. Version settings do not require administrator-level permissions and can be accessed by any site owner or user with proper permissions.

Changing the number of document versions retained is key to this exploit. The malicious actor configures the versioning settings to keep the desired number of versions per file. The files are then encrypted more times than the number of versions retained, leaving no recoverable backed up versions.

For example, setting the document versioning to one and then encrypting the file twice would result in the master copy and single retained version both being encrypted. At this point the ransomed files must be decrypted using the corresponding decryption key or remain unrecovered.

Encryption is not the only way the versioning setting can be exploited. The hacker may opt to keep a copy of the original document and then proceed to make a number of changes to the document that exceeds the number of versions being kept. For example, if the versioning is set to retain the last 200 copies, the actor can make 201 changes. This would ensure that the master copy in SharePoint or OneDrive and all retained backups have been altered while holding the original copy for ransom.

Proofpoint’s blog provides several recommendations to help protect you and your organization from this type of attack. These recommendations, some of which rely on Proofpoint’s suite of cybersecurity products, focus on early detection of high-risk configurations and behaviors, enhanced access management, and ensuring sufficient backup and recovery policies are in place.

Image credit: Ransomware attack process from Proofpoint

Read More

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published.

Tech

USB logos finally make sense, thanks to a redesign

Published

on

By

USB logos finally make sense, thanks to a redesign


Author: Mark Hachman
, Senior Editor

As PCWorld’s senior editor, Mark focuses on Microsoft news and chip technology, among other beats. He has formerly written for PCMag, BYTE, Slashdot, eWEEK, and ReadWrite.

Read More

Continue Reading

Tech

Cheaper OLED monitors might be coming soon

Published

on

By

Cheaper OLED monitors might be coming soon


Author: Michael Crider
, Staff Writer

Michael is a former graphic designer who’s been building and tweaking desktop computers for longer than he cares to admit. His interests include folk music, football, science fiction, and salsa verde, in no particular order.

Read More

Continue Reading

Tech

New Pixel Watch leak reveals watch faces, strap styles and more

Published

on

By

New Pixel Watch leak reveals watch faces, strap styles and more
Google Pixel watch



The Google Pixel Watch is incoming
(Image credit: Google)

We’re expecting the Google Pixel Watch to make its full debut on Thursday, October 6 – alongside the Pixel 7 and the Pixel 7 Pro – but in the meantime a major leak has revealed much more about the upcoming smartwatch.

Seasoned tipster @OnLeaks (opens in new tab) has posted the haul, which shows off some of the color options and band styles that we can look forward to next week. We also get a few shots of the watch interface and a picture of it being synced with a smartphone.

Watch faces are included in the leak too, covering a variety of different approaches to displaying the time – both in analog and digital formats. Another image shows the watch being used to take an ECG reading to assess heartbeat rate.

Just got my hands on a bunch of #Google #PixelWatch promo material showing all color options and Watch Bands for the first time. Some details revealed as well…@Slashleaks 👉🏻 https://t.co/HzbWeGGSKP pic.twitter.com/N0uiKaKXo0October 1, 2022

See more

Full colors

If the leak is accurate, then we’ve got four silicone straps on the way: black, gray, white, and what seems to be a very pale green. Leather straps look to cover black, orange, green and white, while there’s also a fabric option in red, black and green.

We already know that the Pixel Watch is going to work in tandem with the Fitbit app for logging all your vital statistics, and included in the leaked pictures is an image of the Pixel Watch alongside the Fitbit app running on an Android phone.

There’s plenty of material to look through here if you can’t wait until the big day – and we will of course be bringing you all the news and announcements as the Google event unfolds. It gets underway at 7am PT / 10am ET / 3pm BST / 12am AEDT (October 7).


Analysis: a big moment for Google

It’s been a fair while since Google launched itself into a new hardware category, and you could argue that there’s more riding on the Pixel Watch than there is on the Pixel 7 and Pixel 7 Pro – as Google has been making phones for years at this point.

While Wear OS has been around for a considerable amount of time, Google has been leaving it to third-party manufacturers and partners to make the actual hardware. Samsung recently made the switch back to Wear OS for the Galaxy Watch 5 and the Galaxy Watch 5 Pro, for example.

Deciding to go through with its own smartwatch is therefore a big step, and it’s clear that Google is envious of the success of the Apple Watch. It’s the obvious choice for a wearable for anyone who owns an iPhone, and Google will be hoping that Pixel phones and Pixel Watches will have a similar sort of relationship.

What’s intriguing is how Fitbit fits in – the company is now run by Google, but so far we haven’t seen many signs of the Fitbit and the Pixel lines merging, even if the Pixel Watch is going to come with support for the Fitbit app.

Dave is a freelance tech journalist who has been writing about gadgets, apps and the web for more than two decades. Based out of Stockport, England, on TechRadar you’ll find him covering news, features and reviews, particularly for phones, tablets and wearables. Working to ensure our breaking news coverage is the best in the business over weekends, David also has bylines at Gizmodo, T3, PopSci and a few other places besides, as well as being many years editing the likes of PC Explorer and The Hardware Handbook.

Read More

Continue Reading

Trending

Copyright © 2022 Xanatan