{"id":15606,"date":"2022-02-11T11:27:59","date_gmt":"2022-02-11T08:27:59","guid":{"rendered":"https:\/\/www.indir.com\/haber\/?p=15606"},"modified":"2022-02-11T11:28:02","modified_gmt":"2022-02-11T08:28:02","slug":"microsoft-365te-tehlikeli-bir-guvelik-acigi-kesfedildi","status":"publish","type":"post","link":"https:\/\/www.indir.com\/haber\/microsoft-365te-tehlikeli-bir-guvelik-acigi-kesfedildi\/","title":{"rendered":"Microsoft 365\u2019te tehlikeli bir g\u00fcvelik a\u00e7\u0131\u011f\u0131 ke\u015ffedildi"},"content":{"rendered":"\n

Siber g\u00fcvenlik firmas\u0131 Varonis i\u00e7in \u00e7al\u0131\u015fan Eric Saraga, Microsoft 365’te tehlikeli bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ke\u015ffetti. \u0130\u015fte bu tehlikeli durum\u2026<\/p>\n\n\n\n

Ara\u015ft\u0131rmac\u0131lar Microsoft 365’te veri kaybetmenin yeni bir yolunu ke\u015ffettiler. Bu noktada i\u015f ak\u0131\u015f\u0131 otomasyon \u00f6zelli\u011fi kullan\u0131ld\u0131. Siber g\u00fcvenlik firmas\u0131 Varonis’ten Eric Saraga bu durumu not ald\u0131. Veri ihlalleri, Outlook, SharePoint ve OneDrive i\u00e7in bir Microsoft 365 \u00f6zelli\u011fi olan PowerAutomate arac\u0131l\u0131\u011f\u0131yla ger\u00e7ekle\u015fir. Power Automate, kullan\u0131c\u0131lar\u0131n kendi ak\u0131\u015flar\u0131n\u0131 olu\u015fturmalar\u0131na olanak tan\u0131yan
Microsoft 365 uygulamas\u0131nda kullan\u0131ma haz\u0131r bir \u00f6zelliktir. <\/p>\n\n\n\n

Office 365, Microsoft 365 oluyor!<\/a><\/p>\n\n\n\n

Bu davran\u0131\u015flar\u0131 yap\u0131land\u0131rmak i\u00e7in kullan\u0131c\u0131n\u0131n \u00f6nce iki uygulama aras\u0131nda veri ak\u0131\u015f\u0131na izin verecek bir ba\u011flant\u0131 kurmas\u0131 gerekir.<\/p>\n\n\n\n

Microsoft 365’e kar\u015f\u0131 savunmas\u0131z kalman\u0131n iki yolu vard\u0131r<\/h2>\n\n\n\n

Saraga ayr\u0131ca, e-posta y\u00f6nlendirmenin yan\u0131 s\u0131ra SharePoint ve OneDrive s\u00fcr\u00fcc\u00fclerinden e-postalar\u0131 ve dosyalar\u0131 \u00e7\u0131karmak i\u00e7in bu ak\u0131\u015flar\u0131 kullanabilece\u011finizi a\u00e7\u0131klad\u0131. MS Graph dahil olmak \u00fczere di\u011fer Microsoft 365 uygulamalar\u0131ndan verilerin s\u0131zd\u0131r\u0131labilece\u011fini de s\u00f6zlerine ekledi.<\/p>\n\n\n\n

Saraga, ak\u0131\u015flar\u0131 k\u00f6t\u00fcye kullanman\u0131n iki yolunu a\u00e7\u0131klad\u0131. Bunlardan biri, kurban\u0131n u\u00e7 noktas\u0131yla do\u011frudan ileti\u015fimdir. \u0130kinci olarak, kurban\u0131 sahte bir Azure uygulamas\u0131 indirmesi i\u00e7in kand\u0131rman\u0131z gerekir.
\u0130lk y\u00f6ntemin uygulanmas\u0131 biraz zor. Ayr\u0131ca, \u00e7ok y\u0131k\u0131c\u0131 bir etki de yarat\u0131r. Saraga durumu \u015f\u00f6yle anlat\u0131yor:<\/p>\n\n\n\n

\u201cAk\u0131\u015f olu\u015fturmak, ak\u0131\u015f API\u2019si kullan\u0131larak programl\u0131 olarak yap\u0131l\u0131yor. \u00d6zel bir Power Automate API\u2019si olmamas\u0131na ra\u011fmen ak\u0131\u015f u\u00e7 noktalar\u0131, mevcut ba\u011flant\u0131lar\u0131 sorgulamak ve bir ak\u0131\u015f olu\u015fturmak i\u00e7in kullan\u0131l\u0131yor.\u201d<\/p><\/blockquote>\n\n\n\n

\u0130kinci y\u00f6ntem, kurban\u0131n uygulamay\u0131 indirmesi i\u00e7in bir uyar\u0131 mesaj\u0131 ile ba\u015flar. Kullan\u0131c\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m uygulamas\u0131n\u0131 \u00e7al\u0131\u015ft\u0131rmay\u0131 kabul ederse, kullan\u0131c\u0131n\u0131n ak\u0131\u015f\u0131 olu\u015fturmak i\u00e7in ge\u00e7erli izinleri vard\u0131r. Ancak, uygulama arac\u0131l\u0131\u011f\u0131yla yeniden ba\u011flanman\u0131n bir yolu yoktur. Sald\u0131rganlar yaln\u0131zca mevcut ba\u011flant\u0131lar\u0131 kullanabilir. Bu noktada Azure uygulamas\u0131, k\u00f6t\u00fc niyetli kullan\u0131c\u0131y\u0131 \u00f6nceden belirli bir ba\u011flant\u0131 kurmu\u015f olanlarla s\u0131n\u0131rlar.<\/p>\n\n\n\n

Microsoft 365’teki g\u00fcvenlik a\u00e7\u0131\u011f\u0131 hakk\u0131nda ne d\u00fc\u015f\u00fcn\u00fcyorsunuz? Fikirlerinizi yorum k\u0131sm\u0131ndan bize iletmeyi unutmay\u0131n!<\/p>\n","protected":false},"excerpt":{"rendered":"

Siber g\u00fcvenlik firmas\u0131 Varonis i\u00e7in \u00e7al\u0131\u015fan Eric Saraga, Microsoft 365’te tehlikeli bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ke\u015ffetti. \u0130\u015fte bu tehlikeli durum\u2026 Ara\u015ft\u0131rmac\u0131lar Microsoft 365’te veri kaybetmenin yeni bir yolunu ke\u015ffettiler. Bu noktada i\u015f ak\u0131\u015f\u0131 otomasyon \u00f6zelli\u011fi kullan\u0131ld\u0131. Siber g\u00fcvenlik firmas\u0131 Varonis’ten Eric Saraga bu durumu not ald\u0131. Veri ihlalleri, Outlook, SharePoint ve OneDrive i\u00e7in bir Microsoft 365 […]<\/p>\n","protected":false},"author":10,"featured_media":15608,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2698],"class_list":["post-15606","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji","tag-microsoft-365"],"_links":{"self":[{"href":"https:\/\/www.indir.com\/haber\/wp-json\/wp\/v2\/posts\/15606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.indir.com\/haber\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.indir.com\/haber\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.indir.com\/haber\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/www.indir.com\/haber\/wp-json\/wp\/v2\/comments?post=15606"}],"version-history":[{"count":0,"href":"https:\/\/www.indir.com\/haber\/wp-json\/wp\/v2\/posts\/15606\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.indir.com\/haber\/wp-json\/wp\/v2\/media\/15608"}],"wp:attachment":[{"href":"https:\/\/www.indir.com\/haber\/wp-json\/wp\/v2\/media?parent=15606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.indir.com\/haber\/wp-json\/wp\/v2\/categories?post=15606"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.indir.com\/haber\/wp-json\/wp\/v2\/tags?post=15606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}