San Francisco rolls out Microsoft's Copilot to city staff
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Newsweek
31 minutes ago
- Newsweek
Microsoft Issues Alert After Critical SharePoint Server Attacks
Based on facts, either observed and verified firsthand by the reporter, or reported and verified from knowledgeable sources. Newsweek AI is in beta. Translations may contain inaccuracies—please refer to the original content. Microsoft has issued an urgent security alert warning of "active attacks" targeting SharePoint servers used by government agencies and businesses worldwide. The attacks, discovered over the weekend, exploit a previously unknown vulnerability in the document-sharing software, prompting immediate action from both Microsoft and federal investigators. The Federal Bureau of Investigations (FBI) told Newsweek on Sunday that it is aware of the incidents and working with federal and private-sector partners to address the threat. The Washington Post first reported the hacks, citing unidentified actors who exploited the flaw to target U.S. and international agencies and businesses over the past few days. Newsweek reached out to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) on Sunday via email for comment. Why It Matters This zero-day attack represents a significant cybersecurity threat to organizations relying on SharePoint for internal document management and collaboration. The vulnerability affects government agencies, schools, healthcare systems including hospitals, and large enterprise companies, with attackers bypassing multi-factor authentication and single sign-on protections to gain privileged access. What To Know The vulnerability affects only on-premises SharePoint servers used within organizations, not Microsoft's cloud-based SharePoint Online service. Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, told Newsweek in an email statement that "attackers are bypassing identity controls, including MFA and SSO, to gain privileged access. Once inside, they're exfiltrating sensitive data, deploying persistent backdoors, and stealing cryptographic keys." According to Sikorski, the attackers have already established footholds in compromised systems, making patching alone insufficient to fully remove the threat. The compromise extends beyond SharePoint due to its deep integration with Microsoft's platform, including Office, Teams, OneDrive and Outlook. "What makes this especially concerning is SharePoint's deep integration with Microsoft's platform," Sikorski said. "A compromise doesn't stay contained—it opens the door to the entire network." Microsoft has released a security update for SharePoint Subscription Edition and is developing patches for 2016 and 2019 versions. The company recommends organizations that cannot immediately apply protective measures should disconnect their servers from the internet until updates become available. FILE - A Microsoft sign and logo are pictured at the company's headquarters, Friday, April 4, 2025, in Redmond, Wash. FILE - A Microsoft sign and logo are pictured at the company's headquarters, Friday, April 4, 2025, in Redmond, Wash. (AP Photo/Jason Redmond, File What People Are Saying Microsoft Security Team in a statement: "We recommend security updates that customers should apply immediately." Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, told Newsweek: "If you have SharePoint on-prem exposed to the internet, you should assume that you have been compromised at this point. This is a high-severity, high-urgency threat. We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response." The Cybersecurity and Infrastructure Security Agency said on Sunday: "CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as "ToolShell," provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network." The FBI told Newsweek in an email response that they are: "Aware of the attacks and working closely with federal and private-sector partners," though they declined to provide additional operational details. What Happens Next Organizations using affected SharePoint versions face immediate decisions about disconnecting servers from the internet until patches become available. Palo Alto Networks is actively notifying affected customers and working closely with Microsoft's Security Response Center to provide updated threat intelligence. Microsoft continues developing patches for older SharePoint versions, with timeline details yet to be announced.
Yahoo
an hour ago
- Yahoo
Microsoft warns businesses, governments of cyber attack
Microsoft has issued an alert about "active attacks" on server software used by government agencies and businesses to share documents within organisations. The tech company is recommending security updates that customers should apply immediately. The FBI said it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details. In an alert issued on Saturday, US time, Microsoft said the vulnerabilities apply only to SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks. The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted US and international agencies and businesses. The hack is known as a "zero day" attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk. Microsoft did not immediately respond to a request for comment. In the alert, Microsoft said a vulnerability "allows an authorised attacker to perform spoofing over a network". It issued recommendations to stop the attackers from exploiting it. In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organisation or website. Microsoft said it issued a security update for SharePoint Subscription Edition, which it said customers should apply immediately. It said it is working on updates to 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it said.
Yahoo
2 hours ago
- Yahoo
Microsoft alerts businesses, governments to server software attack
WASHINGTON (Reuters) -Microsoft has issued an alert about "active attacks" on server software used by government agencies and businesses to share documents within organizations, and it recommended security updates that customers should apply immediately. The FBI on Sunday said it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details. In an alert issued on Saturday, Microsoft said the vulnerabilities apply only to SharePoint servers used within organizations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks. The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses. The hack is known as a "zero day" attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk. Microsoft did not immediately respond to a request for comment. In the alert, Microsoft said that a vulnerability "allows an authorized attacker to perform spoofing over a network." It issued recommendations to stop the attackers from exploiting it. In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organization or website. Microsoft said on Sunday it issued a security update for SharePoint Subscription Edition, which it said customers should apply immediately. It said it is working on updates to 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it said. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
