Hackers exploit Microsoft SharePoint as firm works to patch
A guide through the most important stories of the morning, delivered Monday through Friday.
Enter Email
Sign Up
Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys, estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of those companies, followed by the Netherlands, the UK and Canada, he said.
Advertisement
'It's a dream for ransomware operators,' he said.
Microsoft has been trying to shore up its cybersecurity after a series of high-profile failures, hiring new executives from places like the US government and holding weekly meetings with senior executives to make its software more resilient. The company's tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company's security culture as in need of urgent reforms.
Advertisement
Palo Alto Networks Inc. warned that the SharePoint exploits are 'real, in-the-wild, and pose a serious threat.' Google Threat Intelligence Group said in an e-mailed statement it had observed hackers exploiting the vulnerability, adding it allows 'persistent, unauthenticated access and presents a significant risk to affected organizations.'
'When they're able to compromise the fortress that is SharePoint, everybody is kind of at their whim because that is one of the highest security protocols out there,' said Gene Yu, CEO of Singapore-based cyber incident response firm Blackpanda.
The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers.
Researchers at Eye Security were first to identify the vulnerability, the company said.
Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.
Vaisha Bernard, chief hacker and co-owner of Eye Security, said his team identified a wave of attacks on Friday evening and a second wave on Saturday morning.
The attacks, he said, were not targeted and instead were aimed at compromising as many victims as possible. After scanning about 8,000 SharePoint servers, Bernard said he has so far identified at least 50 that were successfully compromised.
He declined to identify the identities of organizations that had been targeted, but said they included government agencies and private companies, including 'bigger multinationals.' The victims were located in countries in North and South America, the European Union, South Africa, and Australia, he added.
Advertisement
It was not clear who was behind the attacks, Bernard said, but 'my gut feeling says it's one group' behind them, due to similarities in the methods he observed during the attacks.
A Microsoft spokesperson declined to comment beyond the company's statement.
Microsoft has faced a series of recent cyberattacks, warning in March that Chinese hackers were targeting remote management tools and cloud applications to spy on a range of companies and organizations in the US and abroad.
The Cyber Safety Review Board, a White House-mandated group designed to examine major cyberattacks, said last year that Microsoft's security culture was 'inadequate' following the 2023 hack of the company's Exchange Online mailboxes. In that incident, hackers were able to breach 22 organizations and hundreds of individuals, including former US Commerce Secretary Gina Raimondo.
--With assistance from Lynn Doan.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
18 minutes ago
- Yahoo
TD Cowen Raises Microsoft (MSFT) Price Target to $580, Reiterates ‘Buy'
Microsoft Corporation (NASDAQ:) is one of the AI Stocks on Wall Street's Radar. On July 17, TD Cowen reiterated the stock as 'Buy' and raised its price target on the stock to $580 per share from $540. The rating affirmation is backed by Microsoft's position as a 'clear beneficiary in the AI cycle.' According to the firm's analysis, there are strong performance checks for the Azure Cloud platform and expectations that previous capacity constraints will begin to ease. TD Cowen's new 'bottoms-up' financial model has given them confidence that Azure growth will trend 'well above' current Wall Street expectations in the coming quarters. 'MSFT reports 4Q on 7/30. While shares are hitting all-time highs, we think the story continues to grow increasingly attractive w/ MSFT positioned as a clear beneficiary in the AI cycle.' 'Azure checks were strong, we're expecting capacity constraints to be easing, and our new bottoms-up model gives us confidence in Azure growth trending well above Street in the qtrs ahead. Reiterate Buy. PT to $580.' Microsoft Corporation (NASDAQ:MSFT) provides AI-powered cloud, productivity, and business solutions, focusing on efficiency, security, and AI advancements. While we acknowledge the potential of MSFT as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock. READ NEXT: and Disclosure: None. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Business Wire
20 minutes ago
- Business Wire
DDC Enterprise Limited (NYSE: DDC) Founder, Chairwoman, and CEO Norma Chu Publishes Shareholder Letter
NEW YORK--(BUSINESS WIRE)-- DDC Enterprise Limited (NYSE: DDC), ('DayDayCook,' 'DDC,' or the 'Company') today issued a corporate update in a Letter to Shareholders from CEO Norma Chu. It has been 60-days since our first 21 bitcoin purchase. Today I'm writing to share an exciting development in DDC's journey to becoming a leading Bitcoin treasury—one that combines disciplined capital management with bold, long-term vision. Earlier this month, we secured a transformative capital commitment of up to $528 million, with an initial funding amount of $53 million to date from esteemed partners like Anson Funds, Animoca Brands, and Kenetic Capital. This achievement accelerated our ability to execute on our Bitcoin accumulation strategy with precision. A Strategic Leap: Filing a $500 Million Universal Shelf (F-3) Today, I'm proud to announce that DDC has taken another decisive step by filing a universal $500 million F-3 shelf registration statement with the U.S. Securities and Exchange Commission. This filing is not about immediate action—it's about ensuring we have the flexibility and readiness to access capital markets efficiently when compelling opportunities arise. In fast-moving markets, agility is everything. The F-3 shelf strengthens our ability to act swiftly, whether for strategic Bitcoin acquisitions, yield optimization, or other value-creating initiatives—all while minimizing dilution and maximizing shareholder value. Our Bitcoin Vision Bitcoin is the most secure, decentralized treasury asset in the world, and our commitment to it is unwavering. With our expanding capital capabilities and operational readiness, I am setting ambitious new targets: 10,000 BTC by the end of 2025 Top 3 Bitcoin treasury company within 3 years This is not just accumulation; it's a strategic mission to position DDC as one of the most significant public Bitcoin treasury vehicles globally. A Disciplined Approach to Growth Our strategy remains focused on value-driven accumulation—leveraging private transactions, derivatives, and yield-enhancing opportunities to build our treasury at optimal cost. Every decision is made with long-term shareholder value in mind. Looking Ahead The steps we're taking today—from securing capital to filing the F-3 shelf—are about preparation. They ensure we're always ready to act in your best interest, turning market opportunities into lasting value. To our shareholders: thank you for your trust. The future we're building is one of scale, innovation, and leadership in the Bitcoin ecosystem. I look forward to sharing more updates as we progress. With conviction and dedication, /s/ Norma Chu Norma Chu Founder, Chairwoman & CEO DDC Enterprise Limited (NYSE: DDC) About DDC Enterprise DDC Enterprise Limited (NYSE: DDC) is spearheading the corporate Bitcoin treasury revolution while maintaining its foundation as a leading global Asian food platform. The Company has strategically positioned Bitcoin as a core reserve asset, executing a bold and accelerating accumulation strategy. While continuing to grow its portfolio of culinary brands, DDC is at the vanguard of public companies integrating Bitcoin into their financial architecture. Caution Regarding Forward-Looking Statements Certain statements in this announcement are forward-looking statements. Investors can identify these forward-looking statements by words or phrases such as 'may,' 'will,' 'expect,' 'anticipate,' 'aim,' 'estimate,' 'intend,' 'plan,' 'believe,' 'is/are likely to,' 'potential,' 'continue' or other similar expressions. Examples of forward-looking statements include those related to business prospects, accumulation of Bitcoin, and the Company's goals and future activity under the financing transactions described above, including the statements on the closings of the offerings and the satisfaction of closing conditions and use of proceeds in the offerings. These statements are subject to uncertainties and risks including, but not limited to, the risk factors discussed in the Risk Factors and in Management's Discussion and Analysis of Financial Condition and Results of Operations sections of our Forms 20-F, 6-K and other reports, including a Form 6-K which with copies of the definitive documents related to the above transactions, to be filed with the Securities and Exchange Commission ('SEC') and available at Although the Company believes that the expectations expressed in these forward-looking statements are reasonable, it cannot assure you that such expectations will turn out to be correct, and the Company cautions investors that actual results may differ materially from the anticipated results and encourages investors to review other factors that may affect its future results in the Company's filings with the SEC. Additional factors are discussed in the Company's filings with the SEC, which are available for review at The Company undertakes no obligation to update or revise publicly any forward-looking statements to reflect subsequent occurring events or circumstances, or changes in its expectations that arise after the date hereof, except as may be required by law.
The Hill
20 minutes ago
- The Hill
Coca-Cola confirms it will launch cane sugar version in US amid Trump ‘enthusiasm'
Coca-Cola Company confirmed on Tuesday that it will launch a cane sugar version of its iconic drink in the U.S. amid President Trump's ' enthusiasm,' coming less than a week after the president revealed the change on social media. 'As part of its ongoing innovation agenda, this fall in the United States, the company plans to launch an offering made with U.S. cane sugar to expand its Trademark Coca-Cola product range,' the company said in a news release. The Atlanta-based company said the addition is 'designed to complement the company's strong core portfolio and offer more choices across occasions and preferences.' Trump said in a post on Truth Social last week that Coca-Cola agreed to use cane sugar in its flagship drink instead of high-fructose corn syrup. 'I have been speaking to Coca-Cola about using REAL Cane Sugar in Coke in the United States, and they have agreed to do so,' the president wrote on Wednesday. 'I'd like to thank all of those in authority at Coca-Cola. This will be a very good move by them — You'll see. It's just better!' The soft drink giant did not confirm the change last week, but said it appreciated Trump's 'enthusiasm' for the brand and that more details on 'new innovative offerings within our Coca‑Cola product range will be shared soon.' The soda sold in the U.S. is usually sweetened with corn syrup, while other countries — like Mexico, already use cane sugar. The 'Mexican Coke' is also sold in the U.S. Trump has been a longtime aficionado of Diet Coke, with the president having a red button installed at the Resolute Desk during his first term. When pressed, a staffer would bring the drink to the president.
