Microsoft issues urgent patch as SharePoint exploit spreads globally: How to stay safe online
Over the weekend, Microsoft issued a critical security alert warning of 'active attacks' on on-premise SharePoint servers, widely used by organisations and government bodies to manage and share internal documents. Notably, the tech giant clarified that SharePoint Online, part of its Microsoft 365 cloud suite, was not affected by the exploit, which is being classified as a "zero-day" vulnerability, meaning it was previously unknown to cybersecurity professionals.
Rafe Pilling, Director of Threat Intelligence at British cybersecurity firm Sophos, indicated that evidence pointed towards a single entity executing the campaign. 'Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it is possible that this will quickly change,' Pilling noted. He highlighted the use of identical digital payloads across various targets as a significant indicator of a singular source.
While Microsoft confirmed that it had released security updates to address the flaw, the company urged users to install the patches without delay. However, cybersecurity experts caution that remediation may require more than just patch deployment.
Daniel Card, of the UK-based consultancy PwnDefend, warned that the scope of the attack suggested a broad level of compromise. 'The SharePoint incident appears to have created a broad level of compromise across a range of servers globally. Taking an assumed breach approach is wise, and it is also important to understand that just applying the patch is not all that is required here,' he said.
According to Shodan, a search engine that indexes internet-connected devices, over 8,000 SharePoint servers currently accessible online may have already been exposed to the exploit. These include systems belonging to prominent industrial companies, financial institutions, healthcare providers, auditors, and multiple U.S. state and international government organisations.
The identity of the attacker remains unknown. Moreover, the US Federal Bureau of Investigation (FBI) acknowledged the incident on Sunday, stating that it was working alongside both federal partners and private sector entities to assess the situation.
Meanwhile, the UK's National Cyber Security Centre has yet to respond publicly.
The Washington Post reported that unidentified cyber actors had recently leveraged the SharePoint vulnerability to target both American and international agencies, suggesting the campaign could have extensive geopolitical ramifications.
(With inputs from Reuters)
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Mint
29 minutes ago
- Mint
Valterra Platinum First-Half Profit Falls on Rain-Hit Output
(Bloomberg) -- Valterra Platinum Ltd. said first-half profit fell 91%, after flooding at a key mine cut production and the company incurred costs during its recent spinoff from Anglo American Plc. The Johannesburg-based miner slashed its interim dividend to 2 rand per share, a drop of 79% from a year earlier, according to results released on Monday. Valterra completed its separation from Anglo at the start of June when it also added a secondary listing in London. While the flooding curbed first-half output at its Amandelbult operation by 45%, Valterra still expects to meet its annual target for refined production of 3 million to 3.4 million ounces of platinum-group metals. The impacted mine is the second largest in the South African company's portfolio, after Mogalakwena. The section of Amandelbult that was most impacted by heavy rains in February resumed operations in June and is expected to reach normal production in the current quarter, Valterra said. The company said production of refined platinum-group metals was down 22% to 1.4 million ounces during the first six months of the year, due to lower availability of concentrates and a stock count that takes place every three years. While Valterra and its peers in South Africa – which is by far the world's largest platinum producer – have been tackling a prolonged slump in PGM prices, there have been recent signs of improvement. Platinum and palladium have risen 56% and 37%, respectively, this year – with most of those increases occurring since the beginning of May. Platinum's gains in the first half of the year 'were underpinned by a more favorable macro-backdrop,' while 'strong Chinese buying, attributed to renewed interest from local jewelry manufacturers and investors, met underwhelming supply given relatively low South African production earlier in the year,' Valterra said. (Updates with information throughout) More stories like this are available on
Mint
29 minutes ago
- Mint
New IPO: NephroPlus files papers with Sebi for ₹353.4 crore IPO to expand Dialysis clinics
Nephrocare Health Services Limited, widely recognized under the brand name NephroPlus, has filed a Draft Red Herring Prospectus (DRHP) with the Securities and Exchange Board of India (SEBI) to raise ₹ 353.4 crore through an initial public offering (IPO). The Hyderabad-based company plans to use the proceeds to expand its network of dialysis clinics across India and repay outstanding debt, with the balance allocated to general corporate purposes. The IPO will include a fresh issue of equity shares worth ₹ 353.4 crore and an offer-for-sale (OFS) of up to 1.27 crore equity shares by promoter and non-promoter shareholders. Among the OFS participants are Investcorp Private Equity Fund II, Healthcare Parent Limited, Edoras Investment Holdings Pte. Ltd., and 360 One Special Opportunities Fund. The company may also consider a pre-IPO placement of up to ₹ 70.6 crore, which would reduce the size of the fresh issue accordingly. Established in 2009, NephroPlus has emerged as Asia's largest dialysis services provider and the fifth-largest globally in terms of the number of treatments performed in FY25, according to a Frost & Sullivan report. As of now, the company operates 447 clinics across 269 cities in 21 Indian states and 4 Union Territories, serving over 33,000 patients annually. NephroPlus commands more than 50 percent revenue market share in India's organised dialysis services market. NephroPlus has also made a significant push into international markets. It currently operates 34 clinics in the Philippines, 5 in Nepal, 4 in Uzbekistan, and recently entered Saudi Arabia in a bid to tap the Middle East healthcare market. The company's promoters include Vikram Vuppala, BVP Trust (Bessemer Venture Partners), and Investcorp-affiliated entities. As per the DRHP, NephroPlus will allocate ₹ 129.1 crore from the fresh issue proceeds towards setting up new dialysis clinics in India, which aligns with its strategy to grow its domestic footprint. An additional ₹ 136 crore will be used to pre-pay or repay certain existing borrowings, enhancing the company's financial flexibility and improving its balance sheet. In FY25, the company reported ₹ 755.8 crore in revenue from operations and a profit after tax of ₹ 67 crore, reflecting robust growth amid increasing demand for kidney care services. With chronic kidney disease (CKD) rising as the third fastest-growing cause of death globally, and diabetes and hypertension being its primary drivers, NephroPlus is well-positioned to benefit from secular health trends. ICICI Securities, Ambit Private Limited, IIFL Capital Services, and Nomura Financial Advisory and Securities (India) are acting as Book Running Lead Managers (BRLMs) for the IPO. Disclaimer: The views and recommendations made above are those of individual analysts or broking companies, and not of Mint. We advise investors to check with certified experts before making any investment decisions.
Mint
an hour ago
- Mint
Knowledge Realty Trust's Rs4,800-crore IPO to open on 5 August
BENGALURU : Knowledge Realty Trust (KRT), a real estate investment trust (Reit) sponsored by Bengaluru-based developer Sattva Group and asset manager Blackstone, is set to launch its initial public offering (IPO) on 5 August, said two persons close to the development. The proposed ₹4,800-crore IPO secured approval from the Securities and Exchange Board of India (Sebi) on Friday. The offer will be open from 5 to 8 August. This will be Asia's second-largest Reit by size and India's largest by gross asset value (around ₹62,000 crore) and net operating income, owning over 46 million square feet of office space across 29 assets in six cities, mainly Mumbai, Bengaluru, and Hyderabad. 'The price band will be announced on 30 July. The Reit will be listed in mid-August," said one of the two persons cited above, on the condition of anonymity. In June, KRT became the first ever Reit to conclude a pre-IPO fundraising exercise. It raised ₹1,400 crore from investors, including JM Financial, Radhakishan Damani (promoter of DMart), and 360 One Wam Ltd, in a pre-IPO placement. The round was fully subscribed by domestic high-net-worth individuals (HNIs) and family offices, signalling investor confidence ahead of the public issue. 'A substantial amount of the total ₹6,200 crore primary raise will be used for debt repayment. There will be no secondary sale," said the second person. A KRT spokesperson didn't respond to Mint's queries. The KRT IPO KRT filed its IPO draft papers with Sebi in March. Blackstone—sponsor of three of the four listed Reits in India—will own 55% of the Reit, while the Sattva Group will hold the rest. The KRT Reit has a 'brand neutral' strategy. It aims to acquire assets inorganically and give opportunities to other developers to contribute their assets to the Reit while maintaining their brand identity. Shirish Godbole, former managing director of Morgan Stanley Real Estate Funds in India, is the trust's chief executive officer; Quaiser Parvez, former CEO of Blackstone-owned Nucleus Office Parks, is its chief operating officer. Reits have faced their share of challenges in recent years, many of them pandemic-induced. But with the office market turning around, they are gaining more acceptance. Around 90% of the Sattva-Blackstone Reit is leased to marquee tenants, split between multi-national corporations and global capability centres (GCCs). Some of the marquee assets owned by the Trust include One BKC and One World Center in Mumbai, Knowledge City and Knowledge Park in Hyderabad and Cessna Business Park and Sattva Softzone in Bengaluru.
