Who is at risk of 'Microsoft SharePoint hack': 'Anybody who's got a ...'

Time of India | 15 hours ago
Microsoft has released an urgent fix for a severe "zero-day" vulnerability in its widely used SharePoint software, a flaw that hackers are said to have actively exploited to launch extensive attacks against businesses and even some U.S. government agencies. For those unaware, Microsoft SharePoint is used by companies for internal document management, data organization and collaboration. The 'Microsoft SharePoint hack' stems from a zero-day vulnerability. A zero-day attack is a cyberattack that takes advantage of a previously unknown security vulnerability. "Zero-day" refers to the fact that security engineers have had zero days to develop a fix for the vulnerability.
Microsoft issued an alert to customers on Saturday, July 19, confirming active exploitation of the previously unknown vulnerability and assuring users that a patch was in the works. By Sunday, July 20, Microsoft updated its guidance, providing crucial instructions for applying the fix to SharePoint Server 2019 and SharePoint Server Subscription Edition.
However, the challenge persists for users of older software, as Microsoft engineers are still developing a solution for SharePoint Server 2016. So who is at risk? Adam Meyers, senior vice president at cybersecurity firm CrowdStrike, told news agency AP, "Anybody who's got a hosted SharePoint server has got a problem." Calling it critical, he added, "It's a significant vulnerability."
Cybersecurity company Eye Security said that attacks likely began on July 18, and that it had scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised.
How can hackers harm organisations impacted by the 'Microsoft SharePoint' vulnerability?
Security researchers warn that the exploit, reportedly known as 'ToolShell,' is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive.
Google's Threat Intelligence Group warned that the vulnerability may allow bad actors to "bypass future patching."
CISA warning to companies impacted by Microsoft SharePoint hack
According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting Microsoft SharePoint is "a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers." CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.

Related Articles

US lawmakers raise 'China-Russia Alert'; send letter to Google, Facebook, Microsoft and Amazon: Tell us by August 8 ...
Time of India | 2 hours ago

Three prominent Republican House lawmakers have reportedly raised national security concerns about the network of more than 400 subsea cables that handle 99% of international internet traffic and about threats from China and Russia. According to a report by Reuters, these lawmakers have pressed the CEOs of Alphabet, Meta, and Microsoft on the security of critical submarine communications cables, citing escalating national security concerns. The move comes as Washington raises alarms about potential threats from China and Russia to the vast network of over 400 subsea cables that carry an estimated 99% of global internet traffic.
What the letter from Republican lawmakers to Google, Facebook, Microsoft and Amazon says
In a letter sent Monday (July 21), Representatives John Moolenaar (Chair of the House panel on China), Carlos Gimenez (Chair of a relevant subcommittee), and Keith Self (Chair of another relevant subcommittee) voiced particular apprehension regarding the continued involvement of "China-affiliated entities such as SBSS, Huawei Marine, China Telecom, and China Unicom" in the maintenance and servicing of cable systems in which the tech giants hold direct or indirect operational involvement or ownership. The lawmakers stated their committees are "examining the extent to which foreign adversarial actors are positioning themselves, both overtly and covertly, to compromise subsea cable systems at key points of vulnerability." They have given the companies until August 8 to disclose any instances of suspected hardware tampering, optical signal tapping, unexpected signal distortion, or other operational irregularities observed during cable repair or maintenance.
"A growing body of evidence points to a pattern of coordinated malign activity linked to the People's Republic of China and the Russian Federation targeting subsea infrastructure in the Baltic Sea, Indo-Pacific, and other strategic regions," the letter asserted.
Letter follows attack on subsea infrastructure
This congressional inquiry follows recent actions and incidents highlighting the vulnerability of subsea infrastructure. Recently, Federal Communications Commission (FCC) Chair Brendan Carr announced the agency's plan to implement rules prohibiting companies from connecting undersea submarine communication cables to the United States if they incorporate Chinese technology or equipment. Since 2020, U.S. regulators have been instrumental in blocking four proposed cable projects intended to link the United States with Hong Kong. More recently, in November 2024, two fiber-optic undersea telecommunication cables in the Baltic Sea were severed, prompting sabotage investigations. In 2023, Taiwan accused two Chinese vessels of cutting the only two cables providing internet access to the Matsu Islands. Additionally, Houthi attacks in the Red Sea have been implicated in the severing of three cables vital for internet service to Europe and Asia.

Malaysia to establish data centre framework to streamline policies
Time of India | 3 hours ago

Malaysia will establish a data centre framework in October to streamline policies and development in the sector, the trade and digital ministries said on Tuesday. The Malaysian Investment Development Authority will be the main agency to approve all new data centre projects and investments, as well as the expansion of existing projects, the ministries said in a joint statement.
Malaysia has recently seen a boom in data centres, driven by growing demand for artificial intelligence, with technology giants like Microsoft, Nvidia, Alphabet's Google and ByteDance announcing billions of dollars of investments in the country since the beginning of last year. Data centre facilities in the Southeast Asian country are projected to quadruple in the next decade from the current 18.
The government's framework will ensure that policies are aligned with data centre planning in a way that will drive the growth of Malaysia's digital economy, the ministries said. "Transparent and thorough policies are important to continue reassuring investors about the goals of sustainable growth in the country's digital economy for the benefit of the Malaysian people and business sectors," Digital Minister Gobind Singh Deo said in the statement.

Microsoft knew of SharePoint security flaw but failed to effectively patch it, timeline shows
Time of India | 4 hours ago

A security patch released by Microsoft earlier this month failed to fully fix a critical flaw in the US tech company's SharePoint server software that had been identified at a hacking competition in May, opening the door to a sweeping global cyber espionage operation, according to a timeline of events reviewed by Reuters.
A Microsoft spokesperson confirmed on Tuesday that its initial solution did not work. The spokesperson added that Microsoft had released further patches that fixed the issue. It remains unclear who is behind the ongoing operation, which targeted around 100 organisations over the weekend and is expected to escalate as other hackers join the fray.
Microsoft said in a blog post that two allegedly Chinese hacking groups, dubbed "Linen Typhoon" and "Violet Typhoon," were exploiting the vulnerabilities, along with another China-based hacking and Alphabet's Google have said that China-linked hackers were likely behind the first wave of hacks. Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies carrying out hacking operations. In an emailed statement, the Chinese embassy in Washington said China opposes all forms of cyberattacks, and "smearing others without solid evidence."
The vulnerability that facilitated the attack was first identified in May at a hacking competition in Berlin organised by cybersecurity firm Trend Micro, which offered cash bounties for the discovery of computer bugs in popular offered a $100,000 prize for "zero-day" exploits - which are called that because they leverage previously undisclosed digital weaknesses that could be used against SharePoint, Microsoft's flagship document management and collaboration platform.
A researcher working for the cybersecurity arm of Viettel, a telecommunications firm operated by Vietnam's military, identified a SharePoint bug at the event, dubbed it "ToolShell" and demonstrated a method of exploiting it. The researcher was awarded $100,000 for the discovery, according to a post on X by Trend Micro's "Zero Day Initiative."
In a statement, Trend Micro said it was the responsibility of vendors participating in its competition to patch and disclose security flaws in "an effective and timely manner." "Patches will occasionally fail. This has happened with SharePoint in the past," the statement said.
Microsoft said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit: SharePoint servers. "Threat actors subsequently developed exploits that appear to bypass these patches," British cybersecurity firm Sophos said in a blog post on pool of potential ToolShell targets remains to data from Shodan, a search engine that helps identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, put the number at a little more than 9,000, while cautioning that the figure was a minimum. It said most of those affected were in the United States and Germany, and the victims included government organisations.
Germany's federal office for information security, BSI, said on Tuesday it had found SharePoint servers within government networks that were vulnerable to the ToolShell attack but none had been compromised.
