Microsoft server hack hits about 100 organisations
Microsoft on Saturday issued an alert about "active attacks" on self-managed SharePoint servers, which are widely used by government agencies and businesses to share documents within organisations.
Dubbed a "zero day" because it leverages a previously undisclosed digital weaknesses, the hacks allow spies to penetrate vulnerable servers and potentially drop a back door to secure continuous access to victim organisations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the ShadowServer Foundation had uncovered nearly 100 victims altogether — and that was before the technique behind the hack was widely known.
"It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other back doors."
He declined to identify the affected organisations, saying that the relevant national authorities had been notified. The ShadowServer Foundation didn't immediately return a message seeking comment.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
"It's possible that this will quickly change," said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement. It was not clear who was behind the ongoing hack.
The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of "a limited number" of targets in the United Kingdom.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several US state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend.
"Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Zawya
9 minutes ago
- Zawya
Sterling bounces off two-year low on euro, soft on dollar
The pound briefly hit a two-year low versus the euro on Monday, before rebounding, and dipped on the dollar, though its moves were largely a function of those elsewhere as investors digested the announcement of an EU-U.S. trade deal. The pound was last down 0.2% on the dollar at $1.34185, its lowest in a week, having struggled late last week because of soft British retail sales and business activity data. The pound was more volatile against the euro, which rose as high as 87.69 pence in early Asia trade, its highest since May 2023, as its gains last week were extended in a kneejerk bounce after the announcement of the trade deal. The common currency then reversed course, both broadly, and on the pound, as investors speculated that U.S. trade deals, in aggregate, would boost the dollar and so the euro's gains at its expense would cease. On the pound the euro was last down 0.5% at 86.99 pence. Investors are divided on sterling, partly due to disagreement on whether the Bank of England will step up the pace of its rate cuts later this year, something that would weigh on the currency. Inflation in Britain has proven sticky, meaning policymakers are loath to cut rates too quickly unless they are forced to, and recent data - soft but not terrible - has not yet definitively answered that question. "Another round of only modestly weaker data than expected were enough to push sterling to fresh lows versus the euro," said Barclays analysts in a note. "In our view, the pound's weakness is overdone and due a correction," they said, anticipating that the euro will fall to around 85 pence, which would be consistent with the gap between British and euro zone interest rates. Others expect that more BoE cuts, while the ECB now appears to be on hold, would hurt the pound against the euro. Nomura analysts see the euro rising to 89.75 pence. Little British economic data is due this week. The BoE meets next week, and markets are all but fully pricing in a 25 basis point rate cut, one of only two more they expect this year. (Editing by David Holmes)
Khaleej Times
39 minutes ago
- Khaleej Times
AI-powered EdTech platform Schooligio.ai set to transform global student counselling
Artificial Intelligence is rapidly transforming the education landscape, with AI-powered EdTech platforms emerging as essential tools for personalised learning, student engagement, and academic planning. As the world of education evolves, traditional models of career and college counselling are being replaced by intelligent, data-driven systems that provide real-time, customised support to students and educators alike. These platforms offer scalable solutions to bridge longstanding gaps in access, affordability, and efficiency, particularly in high-stakes areas like career discovery and college admissions. One such pioneering platform is a new AI-driven solution built specifically to democratise career and college guidance for high school students. Set to launch globally on August 1, 2025, is the brainchild of two veteran counsellors — Caroline Linger and Jose Kumar who have spent decades helping thousands of students secure admissions into top universities, including Stanford, Oxford, MIT, and the Ivy Central. Their platform blends deep human expertise with the latest advancements in artificial intelligence to offer personalised, ethical, and affordable counselling on a global scale. addresses the rising demand for customised guidance by offering 24/7 mentorship tailored to each student's interests, academic strengths, financial background, and goals. From early career exploration to curating standout college applications, the platform generates step-by-step pathways for every learner. Built to meet international data privacy standards such as FERPA, GDPR, and COPPA, Schooligio ensures a secure and compliant environment for both students and institutions. The platform doesn't just support students, it's designed to work alongside school counsellors as a powerful assistant. automates administrative tasks like progress tracking and report generation, giving educators more time to focus on meaningful student interactions. It also gives parents a transparent view into their child's development and access to reliable scholarship and financial aid information, making it easier for families to plan their academic future. What makes stand out is its commitment to access and equity. While private counselling services remain out of reach for many, Schooligio is built to serve all segments, offering free access to under-resourced schools, scholarships for students in financial need, and low-cost subscriptions for individual learners. Schools around the world can now apply for early access, with student subscriptions opening on the official launch date, August 1. Schooligio will also be showcased at the upcoming IC3 Annual Conference & Expo, taking place on August 20–21 at the Jio World Convention Centre in Mumbai. With this year's theme 'Counselling as a Culture,' the event provides a fitting platform to demonstrate how AI and human insight can combine to transform student outcomes. As AI continues to reshape the global EdTech ecosystem, platforms like are setting new benchmarks for what technology can achieve in education.
Zawya
an hour ago
- Zawya
Kaspersky reveals SharePoint ToolShell vulnerabilities stem from incomplete 2020 fix
Kaspersky's Global Research and Analysis Team (GReAT) discovered that the recently exploited ToolShell vulnerabilities in Microsoft SharePoint originate from an incomplete fix for CVE-2020-1147, first reported in 2020. The SharePoint vulnerabilities have emerged as a major cybersecurity threat this year amid active exploitation. Kaspersky Security Network showed exploitation attempts worldwide, including in Egypt, Jordan, Russia, Vietnam and Zambia. The attacks target organizations across government, finance, manufacturing, forestry and agriculture sectors. Kaspersky solutions proactively detected and blocked ToolShell attacks before the vulnerabilities were publicly disclosed. Kaspersky GReAT researchers analyzed the published ToolShell exploit and found it alarmingly similar to the 2020 CVE-2020-1147 exploit. This suggests that the CVE-2025-53770 patch is, in fact, an effective fix for the vulnerability that CVE-2020-1147 attempted to address five years ago. The connection to CVE-2020-1147 became evident following the discovery of CVE-2025-49704 and CVE-2025-49706, patched on July 8. However, these fixes could be bypassed by adding a single forward slash to the exploit payload. Once Microsoft learned of active exploitation of these vulnerabilities, they responded with comprehensive patches that addressed potential bypass methods, designating the vulnerabilities as CVE-2025-53770 and CVE-2025-53771. The surge in attacks against SharePoint servers worldwide occurred during the window between initial exploitation and full patch deployment. Despite patches now being available for the ToolShell vulnerabilities, Kaspersky expects attackers will continue exploiting this chain for years to come. "Many high-profile vulnerabilities remain actively exploited years after discovery — ProxyLogon, PrintNightmare and EternalBlue still compromise unpatched systems today. We expect ToolShell to follow the same pattern: its ease of exploitation means the public exploit will soon appear in popular penetration testing tools, ensuring prolonged use by attackers," said Boris Larin, principal security researcher at Kaspersky GReAT. To stay safe, Kaspersky recommends: Organizations using Microsoft SharePoint must apply the latest security patches immediately. This applies to all high-risk vulnerabilities, as even brief exposure can lead to compromise. Deploy cybersecurity solutions that protect against zero-day exploits when patches aren't yet available. Kaspersky Next, with its Behavior Detection component, proactively blocks exploitation of such vulnerabilities. Read the full report on About Kaspersky Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them. Learn more at
