Microsoft SharePoint exploit is used in multiple cyber attacks all over the world

Cybersecurity researchers revealed, today, in a report that CVE-2019-0604 is active in the wild.
CVE-2019-0604 is also known as Microsoft SharePoint vulnerability, it was discovered some time ago but never exploited in a real environment, only in a simulated one; but now according to cybersecurity researchers, its exploitation was observed all around the world.

When the vulnerability was first found, it was not affecting users from the real world. Today the situation is way different from its initial one and it seems a wave of attacks are exploiting this flaw and using the China Chopper web shell to gain initial access. From Saudi Arabia and Canada comes multiple reports that show several companies which were affected by hackers using the web shell for network access.

All these cybersecurity reports illustrate very well that multiple hackers are now using the exploit. Researchers have also found a malware they say is likely an earlier version of the second-stage malware used in the Saudi attacks; which was reportedly shared by another target in China.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

For those who don’t know CVE-2019-0604 is a remote code execution vulnerability that exists when SharePoint fails to verify the source markup of an application package.

In order to be fully exploitable, the hacker must upload a specially crafted SharePoint application package to affected versions of the software. If successful, the hacker will be able to exploit the bug and run arbitrary code in the context of the SharePoint application pool and SharePoint server farm account. Good news for today is that Microsoft has already released a patch, so install it quickly if you want to be safe and secured.

We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.