Tech Tuesday: Microsoft security breaches and more
Tim Batt joins Jesse to discuss the security breach affecting Microsoft's SharePoint, and also the company's plan to offset carbon emissions with a new deal with Vaulted Deep (via Tom's Hardware). It's a dual waste management solution designed to help remove carbon from the atmosphere in a bid to protect nearby towns from contamination, by burying a lot of waste deep underground.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
RNZ News
an hour ago
- RNZ News
Taranaki mayors want hydrogen kick-start from Wellington
Hydrogen is touted as a fuel with lower carbon emissions, especially for fuel-cell powered heavy trucks. Photo: Supplied / Hiringa Energy Taranaki mayors want central government to partner up with their councils to kick-start a hydrogen industry. This despite ongoing questions about the gas's effectiveness in reducing carbon emissions. The Taranaki Mayoral Forum said Wellington should financially back the region as it is the logical base for hydrogen energy production. That work would include both onshore and offshore exploration. As economies attempt to move away from fossil fuels, hydrogen is touted as a lower-carbon-emission alternative with no pollution from the exhaust pipe. It is especially promising for freight trucks, which are hard to power by battery. The mayors' submission to the Ministry of Business, Innovation and Enterprise on regulating hydrogen has admitted drawbacks: hydrogen's green credentials depend on how it's made. The forum emphasised hydrogen is not a silver bullet for climate change - noting that other technologies, scaled-up mitigation and behaviour change were also necessary. Despite those doubts, the mayors enthusiastically pitched Taranaki as New Zealand's best bet for a hydrogen headquarters, asking the government to take "proactive action". "Government support may be required to help kick-start an industry in New Zealand and make sure risks are appropriately managed." The forum is made up of the New Plymouth, Stratford and South Taranaki district mayors and the chair of Taranaki Regional Council. Their submission points to Taranaki's experience in energy production, existing infrastructure, and promising geology - as well as councils' experience in regulating the energy sector. Hiringa Energy's project to make hydrogen at Kāpuni powered by windmills taller than Auckland's Sky Tower defeated a court challenge from Te Korowai o Ngāruahine. Photo: Supplied / Hiringa Energy "We would welcome Taranaki being considered as a home base for this industry." The mayors are clear that iwi and hapū need to be in the room from the start. "The Mayoral Forum supports a regulatory regime that provides mana whenua with early and meaningful engagement," their submission said. "Treaty settlements in Taranaki have clear provisions around oil and gas developments, and [we] recommend that the government consider how best to honour those commitments in regulating hydrogen, even if hydrogen may not strictly fall within definitions in Treaty settlements." Different ways to make hydrogen have varying carbon footprints. Manufacturing demands huge amounts of electricity in a relatively inefficient process: Hiringa Energy is gearing up capacity at Kāpuni to make "green" hydrogen with power from four giant windmills, taller than Auckland's Sky Tower. MBIE is investigating "natural" and "orange" hydrogen. Geological processes in the Earth's crust form natural hydrogen, while the orange version is made by injecting water and carbon dioxide into particular mineral formations to stimulate hydrogen generation. The MBIE paper points to two options to regulate the infant industry: The mayors' submission said mana whenua must be part of talks, whatever officials decide. "Whichever regulatory pathway the Crown adopts regarding the RMA or CMA, discussions will be required with iwi and hapū to define rights to the resource." They also suggest collaboration with local booster agency Venture Taranaki and Ara Ake, the region's nationally-focused energy innovation centre. - LDR is local body reporting co-funded by RNZ and NZ on Air.
RNZ News
11 hours ago
- RNZ News
Trump says US will sell 'so much' beef to Australia
By Kanishka Singh and Peter Hobson , Reuters US President Donald Trump says his country will sell "so much" beef to Australia. Photo: AFP/NICOLAS TUCAT US President Donald Trump has applauded Australia relaxing import restrictions on United States beef, adding that other countries that refused US beef products were on notice. Australia on Thursday said it would loosen biosecurity rules for US beef, something analysts predicted would not significantly increase US shipments because Australia is a major beef producer and exporter whose prices are much lower. Australia plans to take US beef for the "first time", Trump said in a post on Truth Social on Thursday, calling it a "very big market". Canberra has restricted US beef imports since 2003 due to concerns about bovine spongiform encephalopathy (BSE), or mad cow disease. Since 2019, it has allowed in meat from animals born, raised and slaughtered in the US but few suppliers were able to prove that their cattle had not been in Canada and Mexico. Last night, in another Truth Social post, Trump said the US would "sell so much to Australia because this is undeniable and irrefutable Proof that US Beef is the Safest and Best in the entire World". "The other Countries that refuse our magnificent Beef are ON NOTICE," the post continued. Trump has attempted to renegotiate trade deals with numerous countries he says have taken advantage of the United States - a characterisation many economists dispute. "For decades, Australia imposed unjustified barriers on US beef," US Trade Representative Jamieson Greer said in a statement, calling Australia's decision a "major milestone in lowering trade barriers and securing market access for US farmers and ranchers". Australia is not a significant importer of beef but the United States is and a production slump is forcing it to step up purchases. Last year, Australia shipped almost 400,000 metric tons of beef worth $2.9 billion (NZ$4.82b) to the United States, with just 269 tons of US product moving the other way. Australian officials say the relaxation of restrictions was not part of any trade negotiations but the result of a years-long assessment of US biosecurity practices. On Wednesday, Australia's agriculture ministry said US cattle traceability and control systems had improved enough that Australia could accept beef from cattle born in Canada or Mexico and slaughtered in the United States. The decision has caused some concern in Australia, where biosecurity is seen as essential to prevent diseases and pests from ravaging the farm sector. "We need to know if (the government) is sacrificing our high biosecurity standards just so Prime Minister Anthony Albanese can obtain a meeting with US President Donald Trump," shadow agriculture minister David Littleproud said in a statement. Australia, which imports more from the US than it exports, faces a 10 percent across-the-board US tariff, as well 50 percent tariffs on steel and aluminium. Trump has also threatened to impose a 200 percent tariff on pharmaceuticals. Asked whether the change would help achieve a trade deal, Australian Trade Minister Don Farrell said: "I'm not too sure." "We haven't done this in order to entice the Americans into a trade agreement," he said. "We think that they should do that anyway." - Reuters
Techday NZ
a day ago
- Techday NZ
Microsoft SharePoint zero-day flaw prompts urgent global response
Organisations around the world are racing to mitigate the impact of a critical zero-day vulnerability in Microsoft's SharePoint server software, which has already been implicated in a series of significant security breaches and is being actively exploited by threat actors, including alleged Chinese nation-state groups. The flaw, catalogued as CVE-2025-53770, was revealed last week after several cyber security researchers, including Microsoft and Google's Threat Intelligence Group, published emergency advisories. Microsoft has clarified that the vulnerability affects only on-premises versions of SharePoint. SharePoint Online, the cloud-based variant included in Microsoft 365, is not impacted by this zero-day flaw. The urgency of the threat became clear after Eye Security researchers published findings that highlighted "active, large-scale exploitation" of the flaw, which they related to a set of vulnerabilities coined "ToolShell." Attackers who successfully exploit CVE-2025-53770 can access sensitive MachineKey configuration details on vulnerable servers, including the validationKey and decryptionKey. These critical parameters can then be used to craft specially designed requests that enable unauthenticated remote code execution, effectively giving attackers full control over the targeted servers. Late breaking fixes for SharePoint Server 2019 and SharePoint Subscription Edition have been made available, with a patch for SharePoint Server 2016 expected to follow. Organisations are being urged to conduct incident response investigations, apply available patches, and closely review Microsoft's temporary mitigation instructions to limit exposure. In recent reports, the scope and impact of the exploit have become clearer. More than 100 servers across at least 60 global organisations, including critical infrastructure such as the US National Nuclear Security Administration, have reportedly been breached via the vulnerability. Cyber security analysts have attributed the campaign to Chinese state-linked groups, among them Linen Typhoon, Violet Typhoon, and Storm-2603. These groups are said to have used stolen credentials to establish persistent access, potentially enabling ongoing espionage even after patches are applied. According to Charles Carmakal, CTO of Mandiant Consulting at Google Cloud, attackers are using the vulnerability to install webshells - malicious scripts that provide ongoing unauthorised access - and to exfiltrate cryptographic secrets from compromised servers. This presents a substantial risk to organisations, as it allows persistent, unauthenticated access by malicious actors. "If your organisation has on-premises Microsoft SharePoint exposed to the internet, you have an immediate action to take," Carmakal said. He stressed that mitigation steps must be implemented without delay, as well as the application of patches as they become available. "This isn't an 'apply the patch and you're done' situation. Organisations need to assume compromise, investigate for any evidence of prior intrusion, and take appropriate remediation actions." Satnam Narang, Senior Staff Research Engineer at Tenable, warned of the widespread consequences, stating: "The active exploitation of the SharePoint zero-day vulnerability over the weekend will have far-reaching consequences for those organisations that were affected. Attackers were able to exploit the flaw to steal MachineKey configuration details, which could be used to gain unauthenticated remote code execution." Narang added that early signs of compromise could include the presence of a file named although it might carry a different extension in some cases. Bob Huber, Chief Security Officer and President of Public Sector at Tenable, commented: "The recent breach of multiple governments' systems […] is yet another urgent reminder of the stakes we're facing. This isn't just about a single flaw, but how sophisticated actors exploit these openings for long-term gain." Huber noted that because Microsoft's identity stack is so deeply embedded in government and corporate environments, a breach in SharePoint can create "a massive single point of failure." He argued for a more proactive, preventative approach to cyber security, emphasising the need for exposure management platforms that provide unified oversight across complex infrastructures. For now, the coordinated response by vendors, security firms, and government agencies continues, as organisations track for signs of compromise and await further guidance on long-term remediation. The incident serves as a stark reminder of the intricate cyber threats faced by modern institutions, and the pressing need for rigorous, ongoing defence strategies against ever-evolving adversaries.
