Krzysztof Dmowski @xaphanpl

**doragasu** @doragasu@mastodon.sdf.org · 21h

Really, is #Microsoft completely unable to get #security right? #Copilot completely bypasses #Sharepoint restrictions and can retrieve documents, users and #passwords and other sensitive information from documents you should not be able to access. And that without leaving a trace on the audit logs https://cybersecuritynews.com/hackers-exploit-copilot-ai-for-sharepoint/

Cyber Security News · 3dHackers Exploit Copilot AI for SharePoint to Access Passwords & Other Sensitive DataMultiple vulnerabilities in Microsoft's Copilot AI for SharePoint, enabling attackers to access sensitive corporate data including passwords, API keys, and confidential documents.

**Paco Hope #resist** @paco@infosec.exchange · 1d

Paco Hope #resist @paco@infosec.exchange

OMG. #Microsoft #Copilot bypasses #Sharepoint #security so you don’t have to!

“CoPilot gets privileged access to SharePoint so it can index documents, but unlike the regular search feature, it doesn’t know about or respect any of the access controls you might have set up. You can get CoPilot to just dump out the contents of sensitive documents that it can see, with the bonus feature* that your access won’t show up in audit logs.”

The S in CoPilot stands for Security!

https://pivotnine.com/the-crux/archive/remembering-f00fs-of-old/

The “all the things” meme where a scribbled cartoon character has a fist raised and their mouth open like shouting. It says “Backdoor all the things!”

**heise online** @heiseonline@social.heise.de · 2d

heise online @heiseonline@social.heise.de

KI-Update: Milliardenpoker um OpenAI, KI-Systeme entwickeln Software, LegoGPT

Das "KI-Update" liefert werktäglich eine Zusammenfassung der wichtigsten KI-Entwicklungen.

https://www.heise.de/news/KI-Update-Milliardenpoker-um-OpenAI-KI-Systeme-entwickeln-Software-LegoGPT-10381344.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · 2dKI-Update: Milliardenpoker um OpenAI, KI-Systeme entwickeln Software, LegoGPTBy Marko Pauli

#Apple #ChatGPT #GenerativeAI

**Karl Voit** @publicvoit@graz.social · May 8 *

May 8 *

Karl Voit @publicvoit@graz.social

Who says that #AI isn't helping people in real-life situations?

Consider yourself a bad #hacker, breaking in a company #SharePoint server. With #Microsoft #CoPilot, you're able to determine recent #pentesting reports, plain text #passwords and other crucial information for your attack right away. As if you get direct help by an insider. Amazing.

If you find an interesting sensitive file you don't have reading permission for, you can ask CoPilot to show it to you, overriding all the #security permission measures. Even better: this is not even logged as a file access. No need to clean up afterward.

Exactly the software you will need for your work. #Pentester and attackers could not have asked for a better tool. Your victims will pay for this handy service themselves. Great to get that kind of important support by Microsoft.

Read about that on: https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/

www.pentestpartners.comExploiting Copilot AI for SharePoint | Pen Test PartnersTL;DR AI Assistants are becoming far more common Copilot for SharePoint is Microsoft’s answer to generative AI assistance on SharePoint Attackers will look to exploit anything they can get their hands on Your current controls and logging may be insufficient Be careful what you keep on platforms like SharePoint Introduction SharePoint is a Microsoft platform

#LLM #fail #backdoor

**Pen Test Partners** @PTP@infosec.exchange · May 7

May 7

Pen Test Partners @PTP@infosec.exchange

Microsoft Copilot for SharePoint just made recon a whole lot easier.

One of our Red Teamers came across a massive SharePoint, too much to explore manually. So, with some careful prompting, they asked Copilot to do the heavy lifting...

It opened the door to credentials, internal docs, and more.

All without triggering access logs or alerts.

Copilot is being rolled out across Microsoft 365 environments, often without teams realising Default Agents are already active.

That’s a problem.

Jack, our Head of Red Team, breaks it down in our latest blog post, including what you can do to prevent it from happening in your environment.

Read it here: https://www.pentestpartners.com/security-blog/exploiting-copilot-ai-for-sharepoint/

#RedTeam #OffSec #AIsecurity

**Leanpub** @leanpub@mastodon.social · Apr 25

Apr 25

Leanpub @leanpub@mastodon.social

Building SharePoint Online Intranets: Practical Advice for building Intranets with SharePoint Online https://leanpub.com/BuildingIntranetsWithSharePointOnline #SharePoint #digitaltransformation #books #ebooks @nztechtweet

**heise online English** @heiseonlineenglish@social.heise.de · Apr 9

Apr 9

heise online English @heiseonlineenglish@social.heise.de

Microsoft increases prices for on-premises servers

Microsoft recognizes that there are customers who need on-premises installations. However, they should dig deeper into their pockets for this.

https://www.heise.de/en/news/Microsoft-increases-prices-for-on-premises-servers-10345758.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · Apr 9Microsoft increases prices for on-premises serversBy Dirk Knop

#MicrosoftExchange #IT #Microsoft

**heise online** @heiseonline@social.heise.de · Apr 9

Apr 9

heise online @heiseonline@social.heise.de

Microsoft erhöht Preise für On-Premises-Server

Microsoft erkennt an, dass es Kunden gibt, die On-Premises-Installationen benötigen. Die sollen dafür aber tiefer in die Tasche greifen.

https://www.heise.de/news/Microsoft-erhoeht-Preise-fuer-On-Premises-Server-10345544.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · Apr 9Microsoft erhöht Preise für On-Premises-ServerBy Dirk Knop

#MicrosoftExchange #IT #Microsoft

**The New Oil** @thenewoil@mastodon.thenewoil.org · Mar 29

Mar 29

The New Oil @thenewoil@mastodon.thenewoil.org

Hijacked #Microsoft #Stream classic domain "spams" #SharePoint sites

https://www.bleepingcomputer.com/news/microsoft/hijacked-microsoft-stream-classic-domain-spams-sharepoint-sites/

#cybersecurity

**Cryptomator** @cryptomator@mastodon.online · Mar 19

Mar 19

Cryptomator @cryptomator@mastodon.online

OUT NOW: Cryptomator for iOS 2.7.0!

We’re excited to introduce SharePoint integration in our latest iOS update! This means you can now securely encrypt your files stored in Microsoft SharePoint and Teams with end-to-end encryption.

Upgrade to Cryptomator 2.7.0 today and take control of your data security!

Learn more: https://cryptomator.org/blog/2025/03/19/ios-2.7.0/?utm_source=mastodon&utm_medium=social&utm_campaign=ios-2.7.0

#Cryptomator #Update #iOS

Replied in thread

**∫∀⊂∅** @laslab@waag.social · Mar 13

Mar 13

∫∀⊂∅ @laslab@waag.social

Waarom zeggen sommige professionals dat Amerikaanse producten zo gebruiksvriendelijk zijn? Met name sharepoint is toch echt compleet bagger.
Volgens mij is het puur gewoonte en "wat de boer niet kent ...".
#sharepoint #microsoft #cloud

@bert_hubert @marleenstikker

**Marcel SIneM(S)US** @simsus@social.tchncs.de · Mar 8

Mar 8

Marcel SIneM(S)US @simsus@social.tchncs.de

#LibreOffice: Funktion zur #Sharepoint-Integration ermöglicht #Makro-Ausführung | Security https://www.heise.de/news/LibreOffice-Funktion-zur-Sharepoint-Integration-ermoeglicht-Makro-Ausfuehrung-10304436.html #Patchday #OpenSource

heise online · Mar 5LibreOffice: Funktion zur Sharepoint-Integration ermöglicht Makro-AusführungBy Dirk Knop

**Sascha Stumpler** @sasstu@hessen.social · Mar 7

Mar 7

Sascha Stumpler @sasstu@hessen.social

Automating with PowerShell: Setting Sharepoint Sharing Settings http://dlvr.it/TJNNRn via PlanetPowerShell #PowerShell #SharePoint #M365 #Azure

**The New Oil** @thenewoil@mastodon.thenewoil.org · Mar 4

Mar 4

The New Oil @thenewoil@mastodon.thenewoil.org

New #ClickFix attack deploys #Havoc C2 via #Microsoft #Sharepoint

https://www.bleepingcomputer.com/news/security/new-clickfix-attack-deploys-havoc-c2-via-microsoft-sharepoint/

BleepingComputer · Mar 3New ClickFix attack deploys Havoc C2 via Microsoft SharepointBy Lawrence Abrams

#cybersecurity #malware

**c't Magazin** @ct_Magazin@social.heise.de · Feb 25

Feb 25

c't Magazin @ct_Magazin@social.heise.de

heise+ | Dateien in Microsoft Teams verwalten

Die Dateispeicher in MS Teams scheinen eine Cloud-Blackbox zu sein. Wir erklären Speicherorte, Suchfunktionen und die Synchronisation mit dem lokalen Rechner.

https://www.heise.de/ratgeber/Dateien-in-Microsoft-Teams-verwalten-10270261.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

c't MagazinDateien in Microsoft Teams verwaltenDie Dateispeicher in MS Teams scheinen eine Cloud-Blackbox zu sein. Wir erklären Speicherorte, Suchfunktionen und die Synchronisation mit dem lokalen Rechner.

#MicrosoftTeams #SharePoint #news

Continued thread

**Marcel Stritzelberger** @marzlberger@mastodon.online · Jan 31

Jan 31

Marcel Stritzelberger @marzlberger@mastodon.online

Does anyone know a good #selfhosting solution to replace #Sharepoint ‘Lists’? Currently I maintain a kind of #time tracking for projects and a kind of inventory with an input mask. This works well, but I would like to use something from the #OSS area.

Any tips?

Example list with time recording entries

**Marcel Stritzelberger** @marzlberger@mastodon.online · Jan 31 *

Jan 31 *

Marcel Stritzelberger @marzlberger@mastodon.online

Kennt jemand eine gute #selfhosting Lösung um #Sharepoint "Lists" abzulösen? Aktuell pflege ich mit einer Eingabemaske eine Art #Zeiterfassung für Projekte und eine Art Inventar. Das funktioniert zwar gut, aber ich würde gerne etwas aus dem #OSS Bereich nutzen wollen.

Tipps?