Techly NewsGet the app

Get the latest tech news

What to know about ToolShell, the SharePoint threat under mass exploitation


Easy to exploit. Unauthenticated access. Massive reach. ToolShell has it all.

Government agencies and private industry have been under siege over the past four days following the discovery that a critical vulnerability in SharePoint, the widely used document-sharing app made by Microsoft, is under mass exploitation. From there, the webshell extracts tokens and other credentials that allow the attackers to gain administrative privileges, even when systems are protected by multifactor authentication and single sign-on. Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.

Get the Android app

Or read this on ArsTechnica

Read more on:

Photo of mass exploitation

mass exploitation

Photo of SharePoint

SharePoint

Photo of ToolShell

ToolShell

Related news:

News photo

Microsoft SharePoint victim count hits 400+ orgs in ongoing attacks

News photo

US nuclear weapons agency reportedly hacked in SharePoint attacks

News photo

Microsoft fixes three SharePoint zero-day exploits used in series of cyberattacks - how to patch them

« T-Mobile's Starlink Satellite Service Officially Launches With iPhone Support
What to expect at the Google Pixel 10 launch event on August 20 »