Microsoft alerts businesses, governments to server software attack

Indian Express, 3 days ago
Microsoft has issued an alert about 'active attacks' on server software used by government agencies and businesses to share documents within organizations, and it recommended security updates that customers should apply immediately.
The FBI on Sunday said it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details.
In an alert issued on Saturday, Microsoft said the vulnerabilities apply only to SharePoint servers used within organizations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks.
The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.
The hack is known as a 'zero day' attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk.
Microsoft did not immediately respond to a request for comment.
In the alert, Microsoft said that a vulnerability 'allows an authorized attacker to perform spoofing over a network.' It issued recommendations to stop the attackers from exploiting it.
In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organization or website.
Microsoft said on Sunday it issued a security update for SharePoint Subscription Edition, which it said customers should apply immediately.
It said it is working on updates to 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it said.

Related Articles

Microsoft snapped up dozens of Google DeepMind staffers in recent months: Report

Indian Express, 2 minutes ago

Google DeepMind has lost over two dozen AI developers to Microsoft in the past few months, according to a report by CNBC. The Windows maker has hired at least 24 former Google staffers to join the AI team within the company that is led by Mustafa Suleyman, who reports to Microsoft CEO Satya Nadella. Interestingly, Suleyman is one of the co-founders of DeepMind which was acquired by Google back in 2014. Demis Hassabis, another DeepMind co-founder, is now at the helm of the Google AI research division. In 2022, Suleyman exited Google to establish his own startup called Inflection. However, he joined Microsoft last year to lead its AI team along with several other employees who had worked with him at Inflection. The migration of talent from Google to Microsoft comes amid a rapidly intensifying AI talent war. It also follows Microsoft's announcement earlier this month that it was laying off around 9,000 employees or around 4 per cent of its global workforce. Some of the engineers who have been part of the movement of talent are Amar Subramanya, Adam Sadovsky, Sonal Gupta, and Jonas Rothfuss, among others. Subramanya reportedly worked at Google for 16 years and most recently served as the vice president of engineering developing the tech giant's Gemini AI assistant. He has now joined Microsoft AI as a corporate vice president, according to a post on LinkedIn. Sadovsky's stint at Google lasted 18 years. His prior position at the company was senior director at DeepMind. He is now a corporate vice president at Microsoft AI. Until June this year, Gupta was an engineering lead at Google DeepMind. Now, her LinkedIn profile says that she is a member of the technical staff on Suleyman's Microsoft AI team. After a year as an AI research scientist at DeepMind, Rothfuss also joined Microsoft AI in May this year as part of its technical staff. 
While Microsoft does not appear to have actively poached these individuals, it underscores how AI researchers and engineers are increasingly being traded like star athletes. Among the big tech companies, Meta stands out as the most aggressive in poaching talent. The social media giant recently hired Mark Lee and Tom Gunter, two AI researchers who previously worked at Apple. It has also recruited several employees who previously held roles at OpenAI, Anthropic, and Google DeepMind. Sam Altman, the CEO of OpenAI, claimed that Meta was offering the startup's employees a staggering $100-million signing bonus. The AI researchers who have been poached will be part of Meta's newly formed artificial superintelligence lab that will be led by Alexandr Wang, the co-founder of Scale AI which saw a staggering $14.3 billion investment from Meta last month, along with former GitHub CEO Nat Friedman. Meanwhile, Google successfully hired away the CEO of Windsurf as well as a small group of the AI coding startup's employees in a $2.4 billion deal.

Microsoft server hack has now hit 400 victims, researchers say

Time of India, an hour ago

A sweeping cyber-espionage campaign centered on vulnerable versions of Microsoft's server software has now claimed about 400 victims, according to researchers at Netherlands-based Eye Security. The figure, which is derived from a count of digital artifacts discovered during scans of servers running vulnerable versions of Microsoft's SharePoint software, compares to 100 organizations cataloged over the weekend. Eye Security says the figure is likely an undercount. "There are many more, because not all attack vectors have left artifacts that we could scan for," said Vaisha Bernard, the chief hacker for Eye Security, which was among the first organizations to flag the spy campaign, which kicked off after Microsoft failed to fully patch a security hole in its SharePoint server software, kicking off a scramble to fix the vulnerability when it was discovered. Microsoft and its tech rival, Google owner Alphabet, have both said Chinese hackers are among those taking advantage of the flaw. Beijing has denied the claim. The details of most of the victim organizations have not yet been fully disclosed. Bernard declined to identify them.

Microsoft SharePoint hack may have hit at least 400 organisations globally: Report

Time of India, 2 hours ago

A widespread cyber-espionage campaign that exploited Microsoft SharePoint servers has reportedly hit nearly 400 organisations, says a Reuters report. The figure, shared by researchers at Dutch firm Eye Security, is based on digital traces found on exposed servers. This marks a sharp increase from roughly 100 victims identified last week and researchers believe the true damage is likely much greater.

Zero-day vulnerability in Microsoft SharePoint servers

The campaign takes advantage of a serious, unpatched vulnerability in on-premise SharePoint (CVE-2025-53770 and CVE-2025-53771). It allows attackers to take full control of servers, steal cryptographic keys, install hidden backdoors, and maintain access even after patching. The campaign has struck various sectors, including government, healthcare, finance, education, and manufacturing. Hundreds of servers globally remain exposed—Eye Security's scan covered over 8,000 internet-connected SharePoint servers. On July 18, researchers at Eye Security first noticed the exploit in action. Within hours, scans of Germany, US, and global servers revealed dozens of compromised systems using the same malicious payload. Their initial findings estimated around 100 victim organizations, but follow-up scans expanded the count to nearly 400. The Reuters report quotes Vaisha Bernard, chief hacker at Eye Security who said 'Not all attack methods leave traces that we can detect.' 'There are many more [victims]… so the actual number is almost certainly higher,' he added.

Microsoft issues urgent patch for the vulnerability

Microsoft confirmed the flaw and released emergency guidance over the weekend, advising affected users to apply patches immediately. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also added the vulnerability to its Known Exploited Vulnerabilities list, mandating remediation by federal agencies by July 21.
Having said that, not all SharePoint editions are currently patched, heightening the risk for organizations still running legacy versions. Experts recommend isolating or disconnecting vulnerable servers from the internet until full fixes are applied.
