Microsoft flaw 'opens the door' for hackers. It will be hard to close
The hackers exploited a vulnerability in Microsoft SharePoint, an Internet-based app primarily used by government agencies and private companies for internal documents and records. The company alerted customers to the problem on July 19, and on July 20 issued guidance on how to fix it.
The Cybersecurity and Infrastructure Security Agency, a branch of the US Department of Homeland Security, said on July 20 that it's still assessing the scope of the attacks.
"CISA was made aware of the exploitation by a trusted partner and we reached out to Microsoft immediately to take action," Chris Butera, CISA acting executive assistant director for cybersecurity, said in a statement. "Microsoft is responding quickly, and we are working with the company to help notify potentially impacted entities about recommended mitigations."
Cybersecurity company Eye Security scanned more than 8,000 SharePoint servers worldwide and found that dozens of organisations were compromised during attacks from Friday through Monday. Eye Security said it discovered the attacks.
Microsoft and cybersecurity experts said customers who use SharePoint through a cloud-based server aren't at risk. It's organisations that use their own, on-premises servers for SharePoint are vulnerable. That likely includes government agencies, schools, hospitals and large companies.
Eye Security and Microsoft urged customers to follow Microsoft's guidance for mitigating exposure from hackers floating into a network and stealing data. In other intrusions, hackers have stolen identifying information of customers as well as intellectual property and internal communications.
"The risk is not theoretical," Eye Security said in a blog post.
The vulnerability in the system is referred to as a "zero-day" exploit, which means it's a flaw that the company wasn't aware of. Therefore, the company's security team had zero days to prepare a patch or fix.
CISA said malicious hackers are able to manipulate code within an organisation's SharePoint network if they gain access.
Microsoft labelled the severity of the flaw as critical, the most serious designation in its security guide. Unit 42, a team of cyber threat researchers with Palo Alto Networks, said it was a severe and urgent threat.
Michael Sikorski, chief technical officer for Unit 42, said in a statement that attackers are bypassing passwords and other security measures in SharePoint to gain access to sensitive data and establish footholds. They're able to create backdoors into networks that survive reboots and updates.
"If you have SharePoint (on-premises) exposed to the Internet, you should assume that you have been compromised at this point," he said. "Patching alone is insufficient to fully evict the threat."
SharePoint is deeply connected with Microsoft's suite of products, including services like Outlook and Teams, which makes the attacks especially concerning, according to Sikorski.
"A compromise doesn't stay contained – it opens the door to the entire network," he said.
In a threat brief on Monday, Palo Alto Networks recommended customers to follow Microsoft's guidance.
The attacks come four months after researchers at cybersecurity company Trend Micro reported another zero-day exploit at Microsoft. In that case, state-sponsored attackers from North Korea, Iran, Russia and China were able to manipulate a flaw in shortcut links on Windows to steal data and cryptocurrency. – The Seattle Times/Tribune News Service
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Star
3 hours ago
- The Star
Vietnam's passport ranking rises to 84th in the world, unlocking new opportunities for global travel and integration
Vietnamese passport holders can now enter 51 destinations without a traditional visa - on par with several other developing nations. -- Photo: HANOI (Vietnam News/ANN): Vietnam's passport has climbed seven places to rank 84th out of 199 countries and territories in the Henley Passport Index for the third quarter of 2025, up from 91st earlier this year and 87th in 2024. The improvement, announced on July 22 by UK-based Henley & Partners, signals stronger global confidence in Vietnam and presents broader opportunities for its citizens in tourism, trade, and international integration. The Henley Passport Index ranks passports based on the number of destinations their holders can access without a visa, or with simplified procedures such as e-visas, visas on arrival, or electronic travel authorisations (ETAs). Vietnamese passport holders can now enter 51 destinations without a traditional visa - on par with several other developing nations. Though still ranked in the lower-middle tier globally, the recent jump reflects growing trust in Vietnam's foreign policy, administrative transparency, and international reputation. It is also one of Vietnam's most significant upward moves since Henley & Partners began tracking global passport access nearly two decades ago using data from the International Air Transport Association (IATA). Vietnamese citizens can currently travel visa-free or with simplified entry to several Asean countries, including Thailand, Singapore, Indonesia, and the Philippines, as well as to destinations in Africa, South America, Central Asia, and South Asia, such as Kenya, Panama, Kyrgyzstan, Iran, and the Maldives. In South-East Asia, Vietnam's passport ranks above Laos (92nd) and Myanmar (93rd), while Singapore remains at the top worldwide with visa-free access to 195 destinations. According to tourism and policy experts, a passport's ranking reflects more than mobility, it serves as a 'soft measure' of a country's political stability, global standing, and the trust placed in its citizens. The improvement also mirrors Vietnam's efforts in bilateral diplomacy, upgrades in e-passport systems, and negotiations for visa waivers with countries across Asia, Africa, and the Pacific. Experts also noted the broader impact on outbound tourism. Visa-free access stimulates demand for international travel and enables Vietnamese tour operators to design more diverse and high-end packages. Better passport access allows students, businesspeople, and workers to engage internationally with greater ease, enhancing Vietnam's role as a contributor to global culture, trade, and diplomacy. As Vietnam continues to modernise its passport system and expand diplomatic ties, the rising passport ranking not only reflects progress but also serves as a gateway for millions to explore the world and represent their country with pride. According to the National Statistics Office, more than 4 million Vietnamese citizens traveled abroad in the first half of 2025, marking a 53.9% increase compared to the same period in 2024. - Vietnam News/ANN
New Straits Times
6 hours ago
- New Straits Times
Humanoid robots embodiment of China's AI ambitions
SERVING craft beer, playing mahjong, stacking shelves and boxing, the dozens of humanoid robots at Shanghai's World AI Conference (WAIC) this weekend were embodiments of China's growing AI prowess and ambition. The annual event is primed at showcasing China's progress in the ever-evolving field of artificial intelligence, with the government aiming to position the country as a world leader on both technology and regulation as it snaps at the United States' heels. Opening the event on Saturday, Premier Li Qiang announced China would set up a new organisation for cooperation on AI governance, warning the benefits of development must be balanced with the risks. But in the cavernous expo next door, the mood was more giddy than concerned. "Demand is currently very strong, whether in terms of data, scenarios, model training, or artificial construction. The overall atmosphere in all these areas is very lively," said Yang Yifan, R&D director at Transwarp, a Shanghai-based AI platform provider. This year's WAIC is the first since a breakthrough moment for Chinese AI this January when startup DeepSeek unveiled an AI model that performed as well as top US systems for an apparent fraction of the cost. Organisers said the forum involved more than 800 companies, showcasing over 3,000 products – the undeniable crowd pleasers being the humanoid robots and their raft of slightly surreal party tricks. At one booth, a robot played drums, half a beat out of time, to Queen's "We Will Rock You" while a man in safety goggles and a security vest hyped up a giggling crowd. Other droids, some dressed in working overalls or baseball caps, manned assembly lines, played curling with human opponents or sloppily served soft drinks from a dispenser. While most of the machines on display were still a little jerky, the increasing sophistication year-on-year was clear to see. The Chinese government has poured support into robotics, an area in which some experts think China might already have the upper hand over the United States. At Hangzhou-based Unitree's stall, its G1 android – around 130 centimetres (four feet) tall, with a two-hour battery life – kicked, pivoted and punched, keeping its balance with relative fluidity as it shadowboxed around a ring. Ahead of the conference's opening, Unitree announced it would launch a full-size humanoid, the R1, for under US$6,000. Most high-tech helpers don't need hardware though. At the expo, AI companions – in the form of middle-aged businessmen, scantily clad women and ancient warriors – waved at people from screens, asking how their day was, while other stalls ran demos allowing visitors to create their own digital avatars. Tech giant Baidu on Saturday announced a new generation of technology for its "digital humans" – AI agents modelled on real people, which it says are "capable of thinking, making decisions, and collaborating." The company recently ran a six-hour e-commerce broadcast hosted by the "digital human" of a well-known streamer and another avatar. The two agents beat the human streamer's debut sales in some categories, Baidu said. Over 10,000 businesses are using the technology already, the department's head Wu Chenxia told AFP. Asked about the impact on jobs – one of the major concerns raised around widespread AI adoption – Wu insisted that AI was a tool that should be used to improve quality and save time and effort, which still required human input. For now, few visitors to the WAIC expo seemed worried about the potential ramifications of the back-flipping dog robots they were excitedly watching. "When it comes to China's AI development, we have a comparatively good foundation of data and also a wealth of application scenarios," said Transwarp's Yang.
New Straits Times
12 hours ago
- New Straits Times
US investment firm in talks to buy ST Telemedia Global Data Centres
SINGAPORE: US investment firm KKR is in talks to buy Singapore-based ST Telemedia Global Data Centres in a deal that could value the Asian infrastructure provider at more than US$5 billion, Bloomberg News reported on Saturday, citing people familiar with the matter. KKR and STT declined to comment to Reuters' requests for comments on the report. KKR is already a backer of the closely held data centre company with a 14.1 per cent stake, Bloomberg News reported. In 2024, a consortium of KKR and Singapore Telecommunications invested S$1.75 billion (US$1.37 billion) in ST Telemedia, whose businesses include data centres and infrastructure technology.
