US warns about Microsoft Sharepoint cyber vulnerability
Computer security experts say hackers have exploited the loophole and potentially compromised private and public computer networks in the US.
The individual or groups behind the software exploitation is not yet known.
'The incident reveals the growing sophistication of threat actors who have gained internal access to an environment and can now leverage existing resources (like Microsoft Exchange, SharePoint,) to conduct nefarious missions beyond just ransomware attacks, like 'wiper' malware that deletes data,' said Morey Haber, a chief security adviser at cyber security company BeyondTrust.
Mr Haber said Microsoft appears to have responded quickly once the vulnerability to Sharepoint was identified, but added that for some, it might be too little, too late.
'Considering the speed of exploitation, some organisations may be waking up Monday morning to a fresh series of attacks,' he explained.
The various editions of Microsoft Sharepoint are also making it more difficult to provide a one-size-fits-all solution.
Microsoft pointed out that it released a security update for SharePoint 2019, and that other fixes would be on the way.
'We are actively working on updates for SharePoint 2016,' the Redmond, Washington software company posted on X.
Santiago Pontiroli, lead researcher at cyber protection company Acronis, shared more some perspective as to the scale and affect of the cyber attack.
'This incident continues a trend of high-impact attacks against Microsoft infrastructure, including the Exchange mass exploitation in 2021 and the 2023 cloud email breach,' he said.
'Over the past several years, state-aligned and advanced persistent threat groups have repeatedly abused vulnerabilities in Microsoft platforms to gain initial access, steal sensitive data, and establish long-term footholds in enterprise networks.'
Microsoft does, however, invest heavily in trying to prevent such breaches from occurring.
Federal law enforcement agencies regularly work with the company and have a presence at the company's cyber crime centre in Redmond.
That said, Mr Pontiroli pointed out that cyber security is a continuing game of whack-a-mole, and that companies and entities using Sharepoint should take it seriously.
'Organisations still running on-premises SharePoint need to act now,' he said. 'Apply the latest updates, monitor for signs of compromise, and assume exposure if systems were only partially patched.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Khaleej Times
2 hours ago
- Khaleej Times
Trump job cuts: US space agency Nasa to lose nearly 4,000 employees, 20% of workforce
The US space agency National Aeronautics and Space Administration (Nasa) will lose about 3,900 employees under Donald Trump's sweeping effort to trim the federal workforce — at the same time as the president prioritises plans for crewed missions to the Moon and Mars. In an emailed statement, Nasa said around 3,000 employees took part in the second round of its deferred resignation programme, which closed late Friday. Combined with the 870 who joined the first round and regular staff departures, the agency's civil servant workforce is set to drop from more than 18,000 before Trump took office in January to roughly 14,000 — a more than 20 per cent decrease. Those leaving the National Aeronautics and Space Administration on the deferred resignation programme will be placed on administrative leave until an agreed departure date. An agency spokesperson said the figures could shift slightly in the coming weeks. "Safety remains a top priority for our agency as we balance the need to become a more streamlined and more efficient organization and work to ensure we remain fully capable of pursuing a Golden Era of exploration and innovation, including to the Moon and Mars," the agency said. Earlier this year, the Trump administration's proposed Nasa budget put a return to the Moon and a journey to Mars front and centre, slashing science and climate programs. The White House says it wants to focus on "beating China back to the Moon and putting the first human on Mars." China is aiming for its first crewed lunar landing by 2030, while the US program, called Artemis, has faced repeated delays. Nasa is still run by an acting administrator after the administration's initial pick to lead the agency, tech billionaire Jared Isaacman — endorsed by former Trump advisor Elon Musk — was ultimately rejected by the Republican president.
Crypto Insight
10 hours ago
- Crypto Insight
35 companies now hold at least 1,000 Bitcoin as corporate adoption booms
Corporate adoption of Bitcoin is accelerating, with 35 publicly traded companies now holding at least 1,000 BTC each, signaling growing institutional interest in the world's largest cryptocurrency. Demand for Bitcoin is soaring among public companies four months after US President Donald Trump's executive order outlined the creation of a federal Bitcoin reserve for the world's largest economy. According to Chris Kuiper, vice president of research at Fidelity Digital Assets, at least 35 public companies have now surpassed 1,000 BTC in holdings on their balance sheets, worth more than $116 billion at the time of writing, up from 24 companies at the end of Q1. The growing Bitcoin-holding companies signal a 'notable increase in Bitcoin exposure,' said Kuiper in a Thursday X post. 'Bitcoin purchases became more widely distributed across public companies rather than concentrated among a few large buyers,' he added. Fidelity's data was published shortly after Bitcoin flipped Amazon's $2.3 trillion market capitalization to become the world's fifth-largest asset by total valuation, Cointelegraph reported on July 14. Following the new wave of institutional buying, over 278 public entities are now holding Bitcoin, up from 124 just weeks ago, according to The US leads all countries with 94 public entities holding Bitcoin, followed by Canada with 40 and the UK with 19 public BTC holding entities. Corporate Bitcoin investments rise 35% in Q3 2025 The growing institutional accumulation saw total Bitcoin purchases increase 35% quarter-on-quarter, from 99,857 BTC in the first quarter of 2025 to 134,456 BTC in the second quarter. 'Not only did the total purchases increase from Q1 to Q2 of 2025 […], but there are a lot more companies doing the buying,' said Fidelity's Kuiper. Bitcoin's open interest, which is near record levels, also points to growing institutional engagement, according to Iliya Kalchev, dispatch analyst at digital asset platform Nexo. 'Open interest in Bitcoin futures remains elevated above $45 billion, just shy of its historical peak, pointing to continued institutional engagement and speculative leverage,' the analyst told Cointelegraph, adding that the 'short-term trend remains sideways, but positioning suggests markets are bracing for a pivotal stretch.' Source:
Gulf Business
13 hours ago
- Gulf Business
ENEC, Westinghouse ink MoU to accelerate nuclear energy deployment in US
Image: Supplied The Emirates Nuclear Energy Company (ENEC) and US-based Westinghouse Electric Company have signed a memorandum of understanding (MoU) to explore the deployment of advanced nuclear technologies in the United States, the companies said. The agreement, signed in Washington, DC, aims to support the expansion of nuclear power in the US, in line with federal ambitions to quadruple the country's nuclear capacity by 2050. It comes as the US seeks to meet growing electricity demand driven by emerging technologies such as artificial intelligence and data center expansion. Supporting US plans to quadruple nuclear capacity Under the terms of the MoU, ENEC and Westinghouse will explore opportunities to accelerate the rollout of Westinghouse's AP1000 reactors. The companies also plan to collaborate on US nuclear new build and restart projects, reactor deployment models, fuel supply chain cooperation, and operations and maintenance. ENEC touts Barakah experience as model 'This marks a significant step in supporting the United States' bold ambitions to rapidly expand its nuclear fleet,' said Mohamed Al Hammadi, CEO of ENEC. 'With The AP1000 is currently the only large modular reactor design fully licensed and ready for construction in the U.S., according to Westinghouse. Interim CEO Dan Sumner said the company is working with partners to meet a federal target of having 10 new large-scale reactors under construction by 2030. 'A fleet of AP1000 reactors would generate billions in direct economic impact and create tens of thousands of skilled jobs,' Sumner said. 'ENEC's expertise in nuclear deployment is a valuable asset to this goal.' The partnership also aligns with ENEC's international strategy to export nuclear development expertise gained from the Barakah Nuclear Energy Plant in the UAE, which is now fully operational and supplies approximately 25 per cent of the country's ENEC is pursuing global opportunities through its ADVANCE programme, which includes an interest in small modular and advanced reactor technologies. Westinghouse, which built the world's first commercial pressurized water reactor in 1957, is involved in about half of the world's operating nuclear plants. Financial details of the agreement were not disclosed.
