Tech Tuesday: Microsoft security breaches and more
Tim Batt joins Jesse to discuss the security breach affecting Microsoft's SharePoint, and also the company's plan to offset carbon emissions with a new deal with Vaulted Deep (via Tom's Hardware). It's a dual waste management solution designed to help remove carbon from the atmosphere in a bid to protect nearby towns from contamination, by burying a lot of waste deep underground.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
RNZ News
8 hours ago
- RNZ News
Trump says US will sell 'so much' beef to Australia
By Kanishka Singh and Peter Hobson , Reuters US President Donald Trump says his country will sell "so much" beef to Australia. Photo: AFP/NICOLAS TUCAT US President Donald Trump has applauded Australia relaxing import restrictions on United States beef, adding that other countries that refused US beef products were on notice. Australia on Thursday said it would loosen biosecurity rules for US beef, something analysts predicted would not significantly increase US shipments because Australia is a major beef producer and exporter whose prices are much lower. Australia plans to take US beef for the "first time", Trump said in a post on Truth Social on Thursday, calling it a "very big market". Canberra has restricted US beef imports since 2003 due to concerns about bovine spongiform encephalopathy (BSE), or mad cow disease. Since 2019, it has allowed in meat from animals born, raised and slaughtered in the US but few suppliers were able to prove that their cattle had not been in Canada and Mexico. Last night, in another Truth Social post, Trump said the US would "sell so much to Australia because this is undeniable and irrefutable Proof that US Beef is the Safest and Best in the entire World". "The other Countries that refuse our magnificent Beef are ON NOTICE," the post continued. Trump has attempted to renegotiate trade deals with numerous countries he says have taken advantage of the United States - a characterisation many economists dispute. "For decades, Australia imposed unjustified barriers on US beef," US Trade Representative Jamieson Greer said in a statement, calling Australia's decision a "major milestone in lowering trade barriers and securing market access for US farmers and ranchers". Australia is not a significant importer of beef but the United States is and a production slump is forcing it to step up purchases. Last year, Australia shipped almost 400,000 metric tons of beef worth $2.9 billion (NZ$4.82b) to the United States, with just 269 tons of US product moving the other way. Australian officials say the relaxation of restrictions was not part of any trade negotiations but the result of a years-long assessment of US biosecurity practices. On Wednesday, Australia's agriculture ministry said US cattle traceability and control systems had improved enough that Australia could accept beef from cattle born in Canada or Mexico and slaughtered in the United States. The decision has caused some concern in Australia, where biosecurity is seen as essential to prevent diseases and pests from ravaging the farm sector. "We need to know if (the government) is sacrificing our high biosecurity standards just so Prime Minister Anthony Albanese can obtain a meeting with US President Donald Trump," shadow agriculture minister David Littleproud said in a statement. Australia, which imports more from the US than it exports, faces a 10 percent across-the-board US tariff, as well 50 percent tariffs on steel and aluminium. Trump has also threatened to impose a 200 percent tariff on pharmaceuticals. Asked whether the change would help achieve a trade deal, Australian Trade Minister Don Farrell said: "I'm not too sure." "We haven't done this in order to entice the Americans into a trade agreement," he said. "We think that they should do that anyway." - Reuters
Techday NZ
a day ago
- Techday NZ
Microsoft SharePoint zero-day flaw prompts urgent global response
Organisations around the world are racing to mitigate the impact of a critical zero-day vulnerability in Microsoft's SharePoint server software, which has already been implicated in a series of significant security breaches and is being actively exploited by threat actors, including alleged Chinese nation-state groups. The flaw, catalogued as CVE-2025-53770, was revealed last week after several cyber security researchers, including Microsoft and Google's Threat Intelligence Group, published emergency advisories. Microsoft has clarified that the vulnerability affects only on-premises versions of SharePoint. SharePoint Online, the cloud-based variant included in Microsoft 365, is not impacted by this zero-day flaw. The urgency of the threat became clear after Eye Security researchers published findings that highlighted "active, large-scale exploitation" of the flaw, which they related to a set of vulnerabilities coined "ToolShell." Attackers who successfully exploit CVE-2025-53770 can access sensitive MachineKey configuration details on vulnerable servers, including the validationKey and decryptionKey. These critical parameters can then be used to craft specially designed requests that enable unauthenticated remote code execution, effectively giving attackers full control over the targeted servers. Late breaking fixes for SharePoint Server 2019 and SharePoint Subscription Edition have been made available, with a patch for SharePoint Server 2016 expected to follow. Organisations are being urged to conduct incident response investigations, apply available patches, and closely review Microsoft's temporary mitigation instructions to limit exposure. In recent reports, the scope and impact of the exploit have become clearer. More than 100 servers across at least 60 global organisations, including critical infrastructure such as the US National Nuclear Security Administration, have reportedly been breached via the vulnerability. Cyber security analysts have attributed the campaign to Chinese state-linked groups, among them Linen Typhoon, Violet Typhoon, and Storm-2603. These groups are said to have used stolen credentials to establish persistent access, potentially enabling ongoing espionage even after patches are applied. According to Charles Carmakal, CTO of Mandiant Consulting at Google Cloud, attackers are using the vulnerability to install webshells - malicious scripts that provide ongoing unauthorised access - and to exfiltrate cryptographic secrets from compromised servers. This presents a substantial risk to organisations, as it allows persistent, unauthenticated access by malicious actors. "If your organisation has on-premises Microsoft SharePoint exposed to the internet, you have an immediate action to take," Carmakal said. He stressed that mitigation steps must be implemented without delay, as well as the application of patches as they become available. "This isn't an 'apply the patch and you're done' situation. Organisations need to assume compromise, investigate for any evidence of prior intrusion, and take appropriate remediation actions." Satnam Narang, Senior Staff Research Engineer at Tenable, warned of the widespread consequences, stating: "The active exploitation of the SharePoint zero-day vulnerability over the weekend will have far-reaching consequences for those organisations that were affected. Attackers were able to exploit the flaw to steal MachineKey configuration details, which could be used to gain unauthenticated remote code execution." Narang added that early signs of compromise could include the presence of a file named although it might carry a different extension in some cases. Bob Huber, Chief Security Officer and President of Public Sector at Tenable, commented: "The recent breach of multiple governments' systems […] is yet another urgent reminder of the stakes we're facing. This isn't just about a single flaw, but how sophisticated actors exploit these openings for long-term gain." Huber noted that because Microsoft's identity stack is so deeply embedded in government and corporate environments, a breach in SharePoint can create "a massive single point of failure." He argued for a more proactive, preventative approach to cyber security, emphasising the need for exposure management platforms that provide unified oversight across complex infrastructures. For now, the coordinated response by vendors, security firms, and government agencies continues, as organisations track for signs of compromise and await further guidance on long-term remediation. The incident serves as a stark reminder of the intricate cyber threats faced by modern institutions, and the pressing need for rigorous, ongoing defence strategies against ever-evolving adversaries.
RNZ News
2 days ago
- RNZ News
EU backs potential counter-tariffs on 93 billion euros of US goods
The European Commission says its primary focus is to achieve a negotiated outcome to avert 30 percent US tariffs that US President Donald Trump has said he will apply on 1 August. Photo: AFP The European Union's member countries have voted to approve counter-tariffs on 93 billion euros (US$109b) of US goods, which could be imposed should the bloc fail to reach a trade deal with Washington, EU diplomats say. The 27-nation bloc's executive European Commission had said on Wednesday (local time) its primary focus was to achieve a negotiated outcome with Washington to avert 30 percent US tariffs that US President Donald Trump has said he will apply on 1 August. The commission said it would press on in parallel with plans for potential countermeasures, merging two packages of proposed tariffs of 21b euros and 72b euros into a single list and submitting this to EU members for approval. No countermeasures would enter force until 7 August. So far the EU has held back from imposing any countermeasures, despite Trump's repeated announcements of tariffs, the broadest of which have been postponed. EU member states authorised the first package of countermeasures in April, but these were immediately suspended to allow time for negotiations. The EU and United States appear to be heading towards a possible trade deal, according to EU diplomats, which would result in a broad 15 percent tariff on EU goods imported into the US, mirroring a framework agreement Washington struck with Japan. Trump would still need to take any final decision. Under the outlines of the potential deal, the 15 percent rate could apply to sectors including cars and pharmaceuticals and would not be added to long-standing US duties, which average just under 5 percent. There could also be concessions for sectors such as aircraft, lumber as well as some medicines and agricultural products, which would not face tariffs, diplomats said. Washington does not, however, appear willing to lower its 50 percent tariff on steel. - Reuters
