And more updates on the SharePoint vulnerability that’s been covered this week. More than 400 organizations have been compromised in an ongoing attack targeting Microsoft SharePoint, according to Dutch security firm Eye Security. The attacks began on July 17 and have involved multiple waves, with significant impacts on government agencies. The National Nuclear Security Administration has confirmed a significant breach of its network, attributed to attacks exploiting a recently patched vulnerability in Microsoft SharePoint. The Department of Energy reported that unauthorized access occurred on July 18, with only a minimal number of systems impacted due to the agency’s robust cybersecurity measures.
Why do we care?
This SharePoint mess just got worse—400+ organizations compromised, including the National Nuclear Security Administration. The people managing nukes got breached through a Microsoft hole.
You couldn’t have patched fast enough. This wasn’t a missed update. This was a zero-day, and if you weren’t monitoring for weird behavior or locking down your SharePoint exposure, you were already toast.
Patching ain’t enough. You need detection. You need isolation. You need a plan that doesn’t depend on a vendor ringing the alarm after the building’s already on fire.
So ask yourself—if you had a client running on-prem SharePoint… how would you have known something was wrong? If you don’t like the answer, you’ve got work to do.