Infosec In Brief Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw that is under attack – and that its own failure to completely fix past problems is the cause.
In a July 19 security note, the software giant admitted it is “… aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update.”
The attack targets CVE-2025-53770, a flaw rated 9.8/10 on the CVSS scale as it means “Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network.”
The US Cybersecurity and Infrastructure Security Agency (CISA) advises CVE-2025-53770 is a variant of CVE-2025-49706, a 6.3-rated flaw that Microsoft tried to fix in its most recent patch Tuesday update.
The flaw is present in SharePoint Enterprise Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition. At the time of writing, Microsoft has issued a patch for only the latter product.
That patch addresses a different vulnerability, the 6.3-rated path traversal flaw CVE-2025-53771, and also mitigates the more dangerous CVE-2025-53770. While admins wait for more patches, Microsoft advised them to ensure the Windows Antimalware Scan Interface (AMSI) is enabled and configured correctly, alongside an appropriate antivirus tool. Redmond also wants users to watch for suspicious IIS worker processes and to rotate SharePoint Server ASP.NET machine keys.
CISA has also issued its own warning. “Conduct scanning for IPs 107.191.58[.]76, 104.238.159[.]149, and 96.9.125[.]147, particularly between July 18-19, 2025,” it said. “Monitor for POSTs to /_layouts/15/ToolPane.aspx?DisplayMode=Edit.”
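To show what acting on the CISA guidance above looks like against an IIS log, here is an added triage script (not from Microsoft, CISA or the original article). It takes only the indicators quoted in the text: POST requests to /_layouts/15/ToolPane.aspx with DisplayMode=Edit, the three listed client IPs, and the July 18-19, 2025 window. The log lines are constructed for the example, and the field order is assumed to be the default IIS W3C layout; on a real server, read the order from the log's own #Fields header before trusting the column positions.

```python
"""Triage IIS W3C log lines for the SharePoint ToolPane.aspx indicators.

Added example, not code from the article or from any vendor. The indicator
values come from the CISA guidance quoted in the text; the log lines and
the field order (default IIS W3C layout) are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date

# Indicators as printed in the article (IPs defanged with "[.]" there).
SUSPECT_IPS = {ip.replace("[.]", ".") for ip in
               ("107.191.58[.]76", "104.238.159[.]149", "96.9.125[.]147")}
SUSPECT_URI = "/_layouts/15/ToolPane.aspx"
SUSPECT_QUERY_PARAM = ("displaymode", "edit")   # compared case-insensitively
WINDOW = (date(2025, 7, 18), date(2025, 7, 19))

# Assumed default IIS W3C field order; a real log declares it in "#Fields:".
FIELDS = ["date", "time", "s-ip", "cs-method", "cs-uri-stem", "cs-uri-query",
          "s-port", "cs-username", "c-ip", "cs(User-Agent)", "cs(Referer)",
          "sc-status", "sc-substatus", "sc-win32-status", "time-taken"]

# Constructed sample log: one request from a listed IP inside the window,
# one unrelated request from a listed IP, one benign page view, and one
# legitimate-looking ToolPane edit by an internal user after the window.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2025-07-18 22:14:03 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 - 107.191.58.76 Mozilla/5.0 - 200 0 0 312
2025-07-19 03:00:00 10.0.0.5 GET / - 443 - 96.9.125.147 Mozilla/5.0 - 401 2 5 3
2025-07-19 09:01:44 10.0.0.5 GET /sites/hr/Shared%20Documents/Forms/AllItems.aspx - 443 alice 10.0.0.77 Mozilla/5.0 - 200 0 0 40
2025-07-20 11:30:12 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 bob 10.0.0.90 Mozilla/5.0 - 200 0 0 88
"""


@dataclass
class Hit:
    when: str
    client_ip: str
    user: str
    reasons: tuple


def parse_line(line):
    """Split one W3C log line into a dict; comments and malformed lines return None."""
    if not line or line.startswith("#"):
        return None
    parts = line.split(" ")
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def query_has(query, name, value):
    """True if the cs-uri-query string carries name=value (case-insensitive)."""
    for pair in query.split("&"):
        key, _, val = pair.partition("=")
        if key.lower() == name and val.lower() == value:
            return True
    return False


def in_window(datestr):
    y, m, d = (int(x) for x in datestr.split("-"))
    return WINDOW[0] <= date(y, m, d) <= WINDOW[1]


def triage(lines):
    """Return a Hit for every line matching at least one CISA indicator."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if (rec["cs-method"].upper() == "POST"
                and rec["cs-uri-stem"].lower() == SUSPECT_URI.lower()
                and query_has(rec["cs-uri-query"], *SUSPECT_QUERY_PARAM)):
            reasons.append("POST to ToolPane.aspx DisplayMode=Edit")
        if rec["c-ip"] in SUSPECT_IPS:
            reasons.append("source IP in CISA list")
            if in_window(rec["date"]):
                reasons.append("within July 18-19 window")
        if reasons:
            hits.append(Hit(f'{rec["date"]} {rec["time"]}', rec["c-ip"],
                            rec["cs-username"], tuple(reasons)))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG.splitlines()):
        print(hit.when, hit.client_ip, hit.user, "; ".join(hit.reasons))
```

The last sample line is deliberately a hit with a single reason: an authenticated internal user editing a page also POSTs to ToolPane.aspx, so the URI indicator on its own is a lead to check against the user, the source address and the machine-key rotation timeline, not a verdict.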
EFF warns Ring has reversed home CCTV privacy pledge
The Electronic Frontier Foundation has warned that Amazon’s Ring security camera business will allow law enforcement agencies to access its devices.
“Not only is the company reintroducing new versions of old features which would allow police to request footage directly from Ring users, it is also introducing a new feature that would allow police to request live-stream access to people’s home security devices,” warned the EFF last week. “This is a bad, bad step for Ring and the broader public.”
In 2024 Ring promised to discontinue an option that allowed law enforcement agencies to request video footage without a warrant.
The outfit’s policy reversal appears to coincide with the return of founder Jamie Siminoff, who left the biz after accepting police requests to hand over footage without a user’s consent.
According to a Business Insider report, Ring now plans to go all-in on AI. “We fear that this may signal the introduction of video analytics or face recognition to an already problematic surveillance device,” the EFF wrote.
China upgrades smartphone surveillance-ware
The Chinese government is installing malware capable of tracking GPS location data, SMS messages, images, audio, contacts and phone services on smartphones owned by some visitors to the country.
According to the latest report from security shop Lookout, Middle Kingdom security inspectors install surveillance code on handsets carried by visitors. Once present, the code gives Beijing the ability to monitor content on devices and – if connected to a PC running a companion program – extract data.
“These tools can pose a risk to enterprise organizations with executives and employees that travel abroad – especially to countries with border patrol policies that allow them to confiscate mobile devices for a short period of time upon entry,” Lookout warned.
“In 2024, the Ministry of State Security introduced new legislation that would allow law enforcement personnel to collect and analyze devices without a warrant.”
Microsoft shuns Chinese talent
Microsoft will no longer use Chinese engineers to work on US Department of Defense computer systems, raising the question of how many Beijing-linked staff have accessed US systems.
A report by the respected nonprofit investigative journalism site ProPublica last week found Redmond has employed tech support workers based in China to manage DoD systems, with very little oversight.
The report claims that Microsoft works with a contractor called “Insight Global” that hires the workers, some of whom have Chinese military backgrounds.
The Secretary of Defense Pete Hegseth announced an investigation after publication of the report.
“In response to concerns raised earlier this week about US-supervised foreign engineers, Microsoft has made changes to our support for US Government customers to assure that no China-based engineering teams are providing technical assistance for DoD Government cloud and related services,” said Microsoft spokesperson Frank Shaw.
“We remain committed to providing the most secure services possible to the US government, including working with our national security partners to evaluate and adjust our security protocols as needed.”
So that’s all right then. ®