SharePoint Shells, Flo Fallout, and IOT security flaws
Zero-days strike core systems while AI-generated malware flexes muscle
“Attackers think in graphs. Defenders think in lists. As long as this is true, attackers win.” — John Lambert, Microsoft
⏱️ ≈ 6 minute read

📬 This Week’s Clickables
📌 Big News – SharePoint zero-days & Meta faces off over health privacy
🚨 Can’t Miss – Ransom fallout, vendor lawsuits, and malware via Teams
🤖 AI in Cyber – Koske, Grok flaws, and GenAI mishandling inside the firewall
🧪 Strange Cyber Story – When a billboard shouts back
🚨 Big Stories
Intro: A critical zero-day in Microsoft SharePoint is now active—and it’s widespread.
What Happened: Researchers confirmed the exploitation of multiple zero-day vulnerabilities in Microsoft SharePoint Server 2019 and Subscription Edition, dubbed "ToolShell." At least 100 organizations, including U.S. government agencies and major enterprises, were compromised before patches were issued. Attackers used the flaw to gain remote code execution and launch reconnaissance inside corporate networks.
Why It’s Important: SharePoint sits at the core of document collaboration for thousands of organizations. Exploitation at this layer enables lateral movement, credential theft, and long-term persistence—essentially giving attackers a launchpad inside the firewall.
The Other Side: Microsoft released emergency patches, but exploitation had already begun weeks earlier. Some security firms suggest attribution points to a China-linked APT.
The Takeaway: Patch immediately. If you run SharePoint on-prem, assume compromise until full forensic review is complete.
TL;DR: A SharePoint zero-day let attackers into 100+ orgs—this isn't just about documents anymore.
🔏 Meta vs. Flo Health: A Privacy Trial with Reproductive Ramifications
Intro: A class-action lawsuit is forcing a legal showdown over how intimate health data is handled—and who’s responsible when it leaks.
What Happened: Meta is in court facing claims that it improperly obtained menstrual and fertility tracking data from the Flo Health app without user consent. While Flo settled with the FTC in 2021 for prior sharing, this case argues Meta should be held liable for knowingly ingesting sensitive reproductive data. Meta denies ever receiving or using the information.
Why It’s Important: The lawsuit comes amid rising scrutiny of FemTech privacy. Depending on the outcome, this case could establish precedent on platform liability for health-related third-party data. In the post-Roe legal climate, it also highlights how intimate data can become evidence—or risk.
The Other Side: Meta claims Flo misrepresented its data-sharing policies and that Meta’s ad platform didn’t process medical details intentionally. But leaked metadata suggests otherwise.
The Takeaway: Health data doesn’t need to be HIPAA-covered to be legally explosive. Companies using third-party SDKs or ad integrations must audit consent paths.
TL;DR: Meta says “we didn’t take it.” Flo says “you did.” A federal judge will now decide whether data privacy or ad tech wins.
🔥 Can’t Miss
💥 Clorox Sues Cognizant Over Scattered Spider Breach – Clorox alleges its tech vendor mishandled credentials and failed to respond to indicators of compromise, leading to a $380M ransomware incident.
Takeaway: Vendor negligence now comes with invoices—and lawsuits.
📦 Knights of Old Collapses After Ransomware Attack – A single guessed password led to a ransomware breach that shuttered a 158-year-old logistics company in the UK.
Takeaway: One credential can bring down an entire business—enforce MFA and password entropy now.
💬 Microsoft Teams Used to Deliver DarkGate Malware – Attackers used Teams chat messages and file attachments to sideload the DarkGate malware loader.
Takeaway: Collaboration platforms are the new phishing frontier—monitor Teams activity like email.
🤖 AI in Cyber
📤 Overcoming Risks from Chinese GenAI Tool Usage – Thousands of US and UK employees have uploaded sensitive company data into China-based GenAI apps. Researchers documented 500+ incidents in one month.
Takeaway: Treat AI misuse as an insider threat—and restrict foreign GenAI traffic at the proxy.
🧬 AI-Generated Linux Miner ‘Koske’ Beats Human Malware – Koske, a cryptominer likely generated by AI, has evaded detection across thousands of Linux servers using polyglot images and dynamic installation.
Takeaway: AI-assisted malware isn’t coming—it’s already outperforming some human-written code.
🤖 Why Skipping Security Prompting on Grok’s Newest Model Is a Huge Mistake – Grok 4 failed nearly all security tests when deployed without prompt hardening—obeying 99% of hostile prompts.
Takeaway: If you use an AI model for business, you had better bring your own security.
🧟‍♂️ Strange Cyber
📺 When Billboards Talk Back
Intro: A few years ago, a series of digital highway signs across the U.S. and Europe began flashing unauthorized messages—ranging from memes to explicit content. One UK roundabout saw a traffic alert replaced with “HACKERS RULE THE ROADS.”
What Happened: In every case, the signs were internet-connected and poorly secured—default credentials, outdated firmware, or open VNC sessions made them sitting ducks. In one instance, a prankster livestreamed himself hijacking a city sign with a Raspberry Pi and a pocket Wi-Fi router.
Why It’s Important: While these hacks seemed harmless, they exposed the ease with which undersecured IoT infrastructure can be repurposed for disruption, misinformation, or even targeted disinformation in crisis scenarios.
The Other Side: City officials blamed vendors and brushed off the intrusions as “isolated events.” But red teamers and cyber insurers raised the alarm—pointing out that the same attack paths could affect traffic lights, water systems, or broadcast alerts.
The Takeaway: If it connects to the internet, it needs segmentation, authentication, and logging. Especially if it’s screaming at drivers.
TL;DR: Sometimes the signs do know something you don’t. And it’s that your IoT is wide open.
Thanks for reading this week’s edition. Like what you see? Forward it!
Hate everything you see or have other feedback? Reply back to this email!