Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

Three hacking groups, two vulnerabilities and all eyes on China

(Microsoft)

By Alexander Martin

On the main stage at the Pwn2Own hacking competition in Berlin this March, researchers demonstrated it was possible to remotely compromise sensitive information via Microsoft’s on-premise SharePoint software — the first glimpse that the world got of two dangerous software vulnerabilities threatening governments and enterprises around the globe.

SharePoint is used by large organizations as a repository storing many kinds of confidential documents; from procurement data to internal memos and legal filings. It is also deeply integrated with Microsoft’s authentication services, meaning skillful enough hackers could use a foothold there to burrow deeper into their victims’ networks.

The plan to prevent hackers from ransacking these organizations, as per the rules of Pwn2Own, was for Viettel Cyber Security researchers to privately disclose their findings to Microsoft before discussing them publicly. Microsoft’s engineers would then issue patches for the bugs and deprive malicious actors of a foothold for attacking the company’s customers.

Read more at The Record

Click to listen highlighted text!