Information security now!
This week, we talk about the globally significant vulnerability in SharePoint and the methods criminals use in online fraud.

Vulnerability in SharePoint and the status in Finland
A severe vulnerability was found in Microsoft SharePoint, a service used to build company intranets. The vulnerability has been actively exploited globally. It enables full access to the contents of the targeted SharePoint service and the execution of code on the server hosting the service. The vulnerability does not affect the version used in the cloud environment. Microsoft has published guidance for administrators of vulnerable systems as well as security updates to address the vulnerability.
After the vulnerability was made public, the NCSC-FI mapped vulnerable servers in the Finnish virtual space. The NCSC-FI contacted the owners of the identified vulnerable servers and urged them to update them. The NCSC-FI has since become aware of some exploitation attempts and a few security breaches in which the vulnerability was exploited.
Widespread exploitation of the vulnerability has been observed globally. In the case of Finland, the number of vulnerable servers and exploitation cases has so far remained low compared to the rest of the world. Microsoft has reported that the vulnerability has also been exploited by state actors.
The Finnish Safety and Chemicals Agency Tukes has published a press release about a suspected data breach in connection with the SharePoint vulnerability. The data breach targeted a server that contains the FINAS Finnish Accreditation Service’s website. The website server stores the IP addresses of the site’s visitors. IP addresses can be used to find out the visitor’s city and internet service provider, but not their exact location or other personal data. Confidential customer data is not stored on the server.
The EU Agency for Cybersecurity (ENISA) has published a joint statement on the vulnerabilities.
Summer doesn’t stop criminals - these are the methods they use to scam you
Scam messages are being sent in the name of the Finnish Transport and Communications Agency Traficom, claiming, for example, that the recipient has an unpaid fine that is overdue. This is a phishing message trying to get you to click the link in the message and give your bank credentials to criminals.
Online scams have become more common and are now part of organized professional crime. Anyone can fall victim to these scams. Especially during the holiday season, tasks may be handled in a rush or through unusual processes, which can lead to a lapse in vigilance.
Criminals aim to obtain valuable information such as online banking credentials, passwords, or personal data. The information is used for identity theft and financial fraud, among other things. In addition to technology, criminals exploit human emotions and behaviour.
Common manipulation techniques used by criminals – and how to defend against them
- Fear-based manipulation: Scam messages may threaten you with account closure or freezing or, for example, claim that you are suspected of a crime.
- Exploitation of compassion: Scammers claim there is an emergency and ask for money. Do not transfer money until you are sure who is asking and why.
- Appeal to authority: The messages may appear to come from authorities. At first glance, the sender’s information may appear legitimate.
- Too good to be true: Messages about winning a prize or receiving free gift cards may be scams. Ask yourself if you even entered the prize draw.
- Building trust: Long-term scams, such as romance or investment fraud, are based on building trust before asking for money. Be cautious when someone asks you for money.
Remember: stop and think—what is the sender’s motive, and why is the message urgent or threatening? Verify the authenticity of the message through official sources. If you are asked for money, try to verify who is asking and whether the message is genuine.

Recently reported scams
In this summary, we provide information about scams reported to the NCSC-FI during the past week.
WHAT TO DO IF YOU GET SCAMMED
- Immediately contact your bank if you have made a payment based on a scam or a criminal has gained access to your online banking service or payment card information.
- File a police report. You can file a police report online.
- You can also report the incident to the NCSC-FI.
- Guidance for victims of a data leak
Learn how to detect and protect yourself against online scams
Vulnerabilities
CVE: CVE-2025-53770, CVE-2025-53771
CVSS: 9.8
What: Actively exploited critical vulnerability in Microsoft’s on-premises SharePoint products
Product: Microsoft SharePoint Server Subscription Edition, Microsoft SharePoint Server 2019, Microsoft SharePoint Enterprise Server 2016
Fix: Patch
Further information:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53771
ABOUT THE WEEKLY REVIEW
This is the weekly review of the National Cyber Security Centre Finland (reporting period 18–24 July 2025). The purpose of the weekly review is to share information about current cyber phenomena. The review is intended for everyone from cyber security professionals to ordinary people.