Latest news with #AdamMeyers
Business Times
5 hours ago
- Business
- Business Times
Chinese hackers exploit Microsoft flaws, US nuclear agency hit
[NEW YORK] Microsoft warned that Chinese state-sponsored hackers are among those exploiting flaws in its SharePoint software to break into institutions globally, with the US agency responsible for designing nuclear weapons now among those breached. In a blog post, the tech giant identified two groups supported by the Chinese government, Linen Typhoon and Violet Typhoon, as leveraging flaws in the document-sharing software that rendered customers who run it on their own networks, as opposed to in the cloud, vulnerable. Another hacking group based in China, which Microsoft calls Storm-2603, also exploited them, according to the blog. The number of companies and agencies subjected to breaches as a result of these exploits is meanwhile mounting: Hackers have used the SharePoint flaws to break into the US National Nuclear Security Administration, according to a source with knowledge of the matter who was not authorised to speak publicly. Bloomberg also reported on Monday (Jul 21) that systems belonging to the US Education Department, Florida's Department of Revenue and the Island General Assembly were compromised. While Microsoft has patched its software in recent days, cybersecurity researchers have already detected breaches on more than 100 servers representing 60 victims thus far, including organisations in the energy sector, consulting firms and universities. Hackers have also exploited the software to break into the systems of national governments from Europe to the Middle East, according to a source familiar with the matter. The SharePoint flaws have been used in hacks since at least Jul 7, said Adam Meyers, senior vice-president at CrowdStrike Holdings. Early exploitation resembled government-sponsored activity, and then spread more widely to include hacking that 'looks like China', Meyers said. CrowdStrike's investigation into the campaign is ongoing, he said. Microsoft said in its blog that its investigations into other threat actors using these exploits 'is still ongoing'. The company said it has 'high confidence' that hackers will 'continue to integrate them into their attacks'. BT in your inbox Start and end each day with the latest news stories and analyses delivered straight to your inbox. Sign Up Sign Up In a statement, the Chinese Embassy in Washington said China firmly opposes all forms of cyberattacks and cybercrime. 'At the same time, we also firmly oppose smearing others without solid evidence,' it said. 'We hope that relevant parties will adopt a professional and responsible attitude when characterising cyber incidents, basing their conclusions on sufficient evidence rather than unfounded speculation and accusations.' No sensitive or classified information is known to have been compromised in the attack on the National Nuclear Security Administration, the source with knowledge of the breach said. The semiautonomous arm of the Energy Department is responsible for producing and dismantling nuclear arms. Other parts of the department were also compromised. An Energy Department spokesperson said by e-mail that the SharePoint exploitation began affecting the agency on Jul 18, but it was limited by the fact that the department uses Microsoft's cloud. Representatives of the US Department of Education and Rhode Island legislature, meanwhile, did not respond to calls and e-mails seeking comment. The Florida Department of Revenue said the SharePoint weaknesses were being investigated 'at multiple levels of government' but declined further comment. The hackers have also breached the systems of a US-based health-care provider and targeted a public university in South-east Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. The report does not identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information. Hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, from some systems, according to a source familiar with the matter, who asked not to be identified discussing sensitive information. 'This is a high-severity, high-urgency threat,' said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks. 'What makes this especially concerning is SharePoint's deep integration with Microsoft's platform, including their services such as Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,' he said. The cyber firm Eye Security said the flaws allow hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems. The breaches have drawn new scrutiny to Microsoft's efforts to shore up its security after a series of high-profile failures. The firm has hired executives from places such as the US government and holds weekly meetings with senior executives to make its software more resilient. The company's tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company's security culture as in need of urgent reforms. Eye Security has detected compromises on more than 100 servers representing 60 victims, including organisations in the energy sector, consulting firms and universities. Victims were also located in Saudi Arabia, Vietnam, Oman and the United Arab Emirates, according to the company. In early July, Microsoft issued patches to fix the security holes, but hackers found another way in. 'There were ways around the patches' that enabled hackers to break into SharePoint servers by tapping into similar vulnerabilities, said Vaisha Bernard, Eye Security's chief hacker and co-owner. 'That allowed these attacks to happen.' The intrusions, he said, were not targeted and instead were aimed at compromising as many victims as possible. He declined to identify the identity of organisations that had been targeted, but said they included government agencies and private companies, including 'bigger multinationals'. The victims were located in countries in North and South America, the European Union, South Africa and Australia, he said. BLOOMBERG
Japan Today
11 hours ago
- Japan Today
What to know about a vulnerability being exploited on Microsoft SharePoint servers
By SHAWN CHEN Microsoft has issued an emergency fix to close off a vulnerability in Microsoft's widely-used SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some U.S. government agencies. The company issued an alert to customers on July 19 saying it was aware of the zero-day exploit being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software. 'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers, senior vice president with CrowdStrike, a cybersecurity firm. 'It's a significant vulnerability.' Companies and government agencies around the world use SharePoint for internal document management, data organization and collaboration. A zero-day exploit is a cyberattack that takes advantage of a previously unknown security vulnerability. "Zero-day" refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting SharePoint is "a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers.' Security researchers warn that the exploit, reportedly known as 'ToolShell,' is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive. Google's Threat Intelligence Group warned that the vulnerability may allow bad actors to "bypass future patching.' Eye Security said in its blog post that it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised. The cybersecurity company said the attacks likely began on July 18. Microsoft said the vulnerability affects only on-site SharePoint servers used within businesses or organizations, and does not affect Microsoft's cloud-based SharePoint Online service. But Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, warns that the exploit still leaves many potentially exposed to bad actors. 'While cloud environments remain unaffected, on-prem SharePoint deployments — particularly within government, schools, health care including hospitals, and large enterprise companies — are at immediate risk." The vulnerability targets SharePoint server software so customers of that product will want to immediately follow Microsoft's guidance to patch their on-site systems. Although the scope of the attack is still being assessed, CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched. 'We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response. An immediate, band-aid fix would be to unplug your Microsoft SharePoint from the internet until a patch is available,' Sikorski advises. © Copyright 2025 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.
Time of India
a day ago
- Business
- Time of India
Microsoft SharePoint vulnerability: Why MS has released a 'zero-day' urgent update and who is at risk
Microsoft has released an urgent patch for a critical "zero-day" vulnerability in its SharePoint software, after confirming that the flaw was actively exploited by hackers targeting businesses and U.S. government agencies. The company confirmed the vulnerability and issued the fix between July 19 and 20, while security agencies have advised affected organisations to disconnect unpatched servers from the internet. What is the SharePoint zero-day vulnerability? The vulnerability, found in Microsoft SharePoint, is a type of zero-day flaw. Zero-day vulnerabilities refer to unknown security issues that attackers can exploit before developers have time to release a fix. Microsoft SharePoint is widely used by organisations for internal file sharing, team collaboration, and document management. Explore courses from Top Institutes in Please select course: Select a Course Category healthcare Data Science Finance Others Data Science Project Management others Healthcare Leadership Artificial Intelligence Public Policy Data Analytics Technology MCA Digital Marketing Product Management Degree Management CXO PGDM MBA Cybersecurity Design Thinking Skills you'll gain: Duration: 11 Months IIM Lucknow CERT-IIML Healthcare Management India Starts on undefined Get Details Skills you'll gain: Duration: 11 Months IIM Lucknow CERT-IIML Healthcare Management India Starts on undefined Get Details In an alert issued on Saturday, July 19, Microsoft confirmed that the vulnerability was already being exploited. A day later, on Sunday, July 20, the company issued guidance for applying security patches to SharePoint Server 2019 and SharePoint Server Subscription Edition. Microsoft said it was still working on a patch for SharePoint Server 2016. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like Join new Free to Play WWII MMO War Thunder War Thunder Play Now Undo Microsoft Sharepoint: Older servers still at risk Microsoft's fix currently covers only the newer versions of the software. Users of SharePoint Server 2016 will remain exposed until a patch is developed. Experts warn that any organisation running on-premise SharePoint servers should treat the situation as urgent. Adam Meyers, senior vice president at cybersecurity firm CrowdStrike, told the Associated Press, "Anybody who's got a hosted SharePoint server has got a problem." He added, "It's a significant vulnerability." Live Events When did the attacks begin? According to cybersecurity company Eye Security, attackers may have started exploiting the vulnerability as early as July 18. The company said it scanned over 8,000 SharePoint servers globally and found that at least dozens had been compromised. Security researchers identified the exploit as 'ToolShell,' which reportedly allows attackers full access to SharePoint file systems. Services integrated with SharePoint, such as Microsoft Teams and OneDrive, are also at risk. Google's Threat Intelligence Group warned that the flaw could even enable attackers to "bypass future patching." Government warning and recommended action The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has described the exploit as "a variant of the existing vulnerability CVE-2025-49706" and said it threatens organisations using on-premise SharePoint servers. The agency urged affected entities to take their servers offline until they are patched, warning that the impact of the breach could be widespread.
Time of India
a day ago
- Time of India
Who is at risk of 'Microsoft SharePoint hack': 'Anybody who's got a ...'
Microsoft has released an urgent fix for a severe "zero-day" vulnerability within its widely-used SharePoint software, a flaw that hackers are said to have actively exploited to launch extensive attacks against businesses and even some U.S. government agencies. For those unaware, Microsoft SharePoint is used by companies for internal document management, data organization and collaboration. 'Microsoft Sharepoint hack ' is a zero-day vulnerability. A zero-day vulnerability is a cyberattack that takes advantage of a previously unknown security vulnerability. "Zero-day" refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability." Microsoft issued an alert to customers on Saturday, July 19, confirming active exploitation of the previously unknown vulnerability and assuring users that a patch was in the works. By Sunday, July 20, Microsoft updated its guidance, providing crucial instructions for applying the fix to SharePoint Server 2019 and SharePoint Server Subscription Edition. However, the challenge persists for users of older software, as Microsoft engineers are still developing a solution for SharePoint Server 2016. So, who's all at risk? Adam Meyers, senior vice president at cybersecurity firm CrowdStrike, told news agency AP, "Anybody who's got a hosted SharePoint server has got a problem." Calling it critical, he added, "It's a significant vulnerability." Cyber security company Eye Security said that attacks likely began on July 18. and it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised. How can hackers harm organisations impacted by the 'Microsoft Sharepoint' vulnerability Security researchers warn that the exploit, reportedly known as 'ToolShell,' is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive. Google's Threat Intelligence Group warned that the vulnerability may allow bad actors to "bypass future patching.' CISA warning to companies impacted by Microsoft SharePoint hack According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting Microsoft SharePoint is "a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers.' CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched. AI Masterclass for Students. Upskill Young Ones Today!– Join Now
&w=3840&q=100)
Business Standard
a day ago
- Business Standard
Hackers exploit SharePoint flaw to breach servers, Microsoft issues fix
Microsoft has rolled out an emergency security fix to address a serious vulnerability in its SharePoint software, which hackers are actively exploiting in cyberattacks targeting companies and US government agencies, Associated Press reported. Microsoft alerted users over the weekend, confirming that a zero-day exploit was being used and that they were working on a solution. On Sunday, the tech giant released instructions to patch the issue for SharePoint Server 2019 and SharePoint Server Subscription Edition. However, engineers are still working on a fix for the older SharePoint Server 2016. 'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers, senior vice president at cybersecurity firm CrowdStrike. 'It's a significant vulnerability.' Zero-day exploit A zero-day exploit refers to a security flaw that has just been discovered and for which there is no fix yet, giving attackers a head start before security teams can respond. According to the US Cybersecurity and Infrastructure Security Agency (CISA), this new threat is a variant of an existing vulnerability (CVE-2025-49706). It mainly affects organisations using on-premise SharePoint servers. Cybersecurity experts have identified the exploit, dubbed 'ToolShell', which can allow attackers full access to SharePoint file systems. This may also impact other services linked to SharePoint, like Microsoft Teams and OneDrive, Associated Press reported. Google's Threat Intelligence Group has warned that this vulnerability could potentially 'bypass future patching', making it even more dangerous. Global impact and affected systems Cybersecurity company Eye Security reported scanning more than 8,000 SharePoint servers globally. Their findings showed that at least several dozen had been compromised, and the attacks started on July 18. Microsoft clarified that this vulnerability affects only on-premise SharePoint servers and not the cloud-based SharePoint Online service. However, the risk remains high, particularly for critical sectors. What should users do? Organisations using on-premise SharePoint servers are strongly urged to apply Microsoft's latest security guidance immediately. CISA has recommended that any impacted servers be taken offline until they are properly patched. Michael Sikorski, chief technology officer and head of Threat Intelligence for Unit 42 at Palo Alto Networks, said, 'We are urging organisations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response.' Sikorski also suggested disconnecting Microsoft SharePoint from the internet as a temporary measure until a security patch is released. CERT-In warns Microsoft users in India Last week, the Indian Computer Emergency Response Team (CERT-In) issued a high-severity warning for users of Microsoft Windows and Office products. The agency flagged multiple security flaws that could put both individuals and enterprises at risk. According to CERT-In, attackers could exploit these flaws to gain higher privileges, access sensitive data, execute remote code, and bypass security protocols. In some cases, they may also spoof identities, tamper with system settings, or trigger denial-of-service (DoS) attacks. CERT-In has urged all users and IT administrators to apply necessary patches and take additional security measures to avoid potential exploitation. [With agency inputs]
