The Cybersecurity and Infrastructure Security Agency published a malware analysis report on files related to Microsoft SharePoint vulnerabilities and encouraged organizations to use the indicators of compromise and detection signatures to identify malware.

Background: On July 19, Microsoft published a blog post addressing active attacks against on-premises SharePoint servers that exploit a spoofing vulnerability. The exploit chain, publicly reported as “ToolShell,” enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network.

More: CISA last week updated its alert on vulnerabilities in Microsoft SharePoint servers to reflect newly released information as threat actor tactics, techniques, and procedures continue to evolve.

Microsoft Recommendations: Microsoft recommends customers use supported versions of on-premises SharePoint servers with the latest security updates and enable Antimalware Scan Interface (AMSI) and Microsoft Defender Antivirus (or equivalent solutions) for all on-premises SharePoint deployments.

ICBA Resources: Additional cybersecurity resources for community bankers are available on ICBA’s Cyber and Data Security Center.