
Latest news with #Censys

Hackers exploiting SharePoint zero-day seen targeting government agencies

Yahoo

2 days ago

The hackers behind the initial wave of attacks exploiting a zero-day in Microsoft SharePoint servers have so far primarily targeted government organizations, according to researchers as well as news reports.

Over the weekend U.S. cybersecurity agency CISA published an alert, warning that hackers were exploiting a previously unknown bug — known as a 'zero-day' — in Microsoft's enterprise data management product SharePoint.

While it's still early to draw definitive conclusions, it appears that the hackers who first started abusing this flaw were targeting government organizations, according to Silas Cutler, the principal researcher at Censys, a cybersecurity firm that monitors hacking activities on the internet.

'It looks like initial exploitation was against a narrow set of targets,' Cutler told TechCrunch. 'Likely government related.'

'This is a fairly rapidly evolving case. Initial exploitation of this vulnerability was likely fairly limited in terms of targeting, but as more attackers learn to replicate exploitation, we will likely see breaches as a result of this incident,' said Cutler.

Do you have more information about these SharePoint attacks? We'd love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

Now that the vulnerability is out there, and still not fully patched by Microsoft, it's possible other hackers that are not necessarily working for a government will join in and start abusing it, Cutler said.

Cutler added that he and his colleagues are seeing between 9,000 and 10,000 vulnerable SharePoint instances accessible from the internet, but that could change. Eye Security, which first published the existence of the bug, reported seeing a similar number, saying its researchers scanned more than 8,000 SharePoint servers worldwide and found evidence of dozens of compromised servers.

Given the limited number of targets and the types of targets at the beginning of the campaign, Cutler explained, it is likely that the hackers were part of a government group, commonly known as an advanced persistent threat.

The Washington Post reported on Sunday that the attacks targeted U.S. federal and state agencies, as well as universities and energy companies, among other commercial targets.

Microsoft said in a blog post that the vulnerability only affects versions of SharePoint that are installed on local networks, and not the cloud versions, which means that each organization that deploys a SharePoint server needs to apply the patch, or disconnect it from the internet.

Hackers exploiting SharePoint zero-day seen targeting government agencies, say researchers

TechCrunch

2 days ago

The hackers behind the initial wave of attacks exploiting a zero-day in Microsoft SharePoint servers have so far primarily targeted government organizations, according to researchers as well as news reports.

Over the weekend U.S. cybersecurity agency CISA published an alert, warning that hackers were exploiting a previously unknown bug — known as a 'zero-day' — in Microsoft's enterprise data management product SharePoint.

While it's still early to draw definitive conclusions, it appears that the hackers who first started abusing this flaw were targeting government organizations, according to Silas Cutler, the principal researcher at Censys, a cybersecurity firm that monitors hacking activities on the internet.

'It looks like initial exploitation was against a narrow set of targets,' Cutler told TechCrunch. 'Likely government related.'

'This is a fairly rapidly evolving case. Initial exploitation of this vulnerability was likely fairly limited in terms of targeting, but as more attackers learn to replicate exploitation, we will likely see breaches as a result of this incident,' said Cutler.

Do you have more information about these SharePoint attacks? We'd love to hear from you. From a non-work device and network, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email.

Now that the vulnerability is out there, and still not fully patched by Microsoft, it's possible other hackers that are not necessarily working for a government will join in and start abusing it, Cutler said.

Cutler added that he and his colleagues are seeing between 9,000 and 10,000 vulnerable SharePoint instances accessible from the internet, but that could change. Eye Security, which first published the existence of the bug, reported seeing a similar number, saying its researchers scanned more than 8,000 SharePoint servers worldwide and found evidence of dozens of compromised servers.

Given the limited number of targets and the types of targets at the beginning of the campaign, Cutler explained, it is likely that the hackers were part of a government group, commonly known as an advanced persistent threat.

The Washington Post reported on Sunday that the attacks targeted U.S. federal and state agencies, as well as universities and energy companies, among other commercial targets.

Microsoft said in a blog post that the vulnerability only affects versions of SharePoint that are installed on local networks, and not the cloud versions, which means that each organization that deploys a SharePoint server needs to apply the patch, or disconnect it from the internet.

Hackers exploit Microsoft SharePoint as firm works to patch

Boston Globe

2 days ago

Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys, estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of those companies, followed by the Netherlands, the UK and Canada, he said.

'It's a dream for ransomware operators,' he said.

Microsoft has been trying to shore up its cybersecurity after a series of high-profile failures, hiring new executives from places like the US government and holding weekly meetings with senior executives to make its software more resilient. The company's tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company's security culture as in need of urgent reforms.

Palo Alto Networks Inc. warned that the SharePoint exploits are 'real, in-the-wild, and pose a serious threat.' Google Threat Intelligence Group said in an e-mailed statement it had observed hackers exploiting the vulnerability, adding it allows 'persistent, unauthenticated access and presents a significant risk to affected organizations.'

'When they're able to compromise the fortress that is SharePoint, everybody is kind of at their whim because that is one of the highest security protocols out there,' said Gene Yu, CEO of Singapore-based cyber incident response firm Blackpanda.

The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers.

Researchers at Eye Security were first to identify the vulnerability, the company said. Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.

Vaisha Bernard, chief hacker and co-owner of Eye Security, said his team identified a wave of attacks on Friday evening and a second wave on Saturday morning. The attacks, he said, were not targeted and instead were aimed at compromising as many victims as possible.

After scanning about 8,000 SharePoint servers, Bernard said he has so far identified at least 50 that were successfully compromised. He declined to identify the identities of organizations that had been targeted, but said they included government agencies and private companies, including 'bigger multinationals.' The victims were located in countries in North and South America, the European Union, South Africa, and Australia, he added.

It was not clear who was behind the attacks, Bernard said, but 'my gut feeling says it's one group' behind them, due to similarities in the methods he observed during the attacks.

A Microsoft spokesperson declined to comment beyond the company's statement.

Microsoft has faced a series of recent cyberattacks, warning in March that Chinese hackers were targeting remote management tools and cloud applications to spy on a range of companies and organizations in the US and abroad.

The Cyber Safety Review Board, a White House-mandated group designed to examine major cyberattacks, said last year that Microsoft's security culture was 'inadequate' following the 2023 hack of the company's Exchange Online mailboxes. In that incident, hackers were able to breach 22 organizations and hundreds of individuals, including former US Commerce Secretary Gina Raimondo.

--With assistance from Lynn Doan.

Hackers Exploit Microsoft SharePoint as Firm Works on Patches

Yahoo

2 days ago

(Bloomberg) -- Microsoft Corp. warned that hackers are actively targeting customers of its document management software SharePoint, with security researchers flagging the risk of potentially widespread breaches around the world.

Vulnerabilities in the software have allowed hackers to access file systems and execute code, the US Cybersecurity and Infrastructure Security Agency warned on Sunday.

While Microsoft said over the weekend that it had released a new patch for customers to apply to their SharePoint servers 'to mitigate active attacks targeting on-premises servers,' the company was still working to roll out others to address ongoing security flaws.

Cybersecurity firms cautioned that a broad section of organizations may be affected by the breach. Tens of thousands — if not hundreds of thousands — of businesses and institutions worldwide use SharePoint in some fashion to store and collaborate on documents.

Microsoft said hackers are specifically targeting clients running SharePoint servers from their own on-premise networks, as opposed to being hosted and managed by the tech firm. That could limit the impact to a subsection of customers.

Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys, estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of those companies, followed by the Netherlands, the UK and Canada, he said.

'It's a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well,' he said.

Microsoft has been trying to shore up its cybersecurity after a series of high-profile failures, hiring new executives from places like the US government and holding weekly meetings with senior executives to make its software more resilient. The company's tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company's security culture as in need of urgent reforms.

Palo Alto Networks Inc. warned that the SharePoint exploits are 'real, in-the-wild, and pose a serious threat.' Google Threat Intelligence Group said in an e-mailed statement it had observed hackers exploiting the vulnerability, adding it allows 'persistent, unauthenticated access and presents a significant risk to affected organizations.'

'When they're able to compromise the fortress that is SharePoint, everybody is kind of at their whim because that is one of the highest security protocols out there,' said Gene Yu, CEO of Singapore-based cyber incident response firm Blackpanda.

The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers.

Researchers at Eye Security were the first to identify the vulnerability, Cutler said. They reported an intrusion on Friday resembling one identified earlier in the week in a demo by researchers Code White GmbH, which reproduced vulnerabilities presented by others at the Pwn2Own hacking contest.

Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.

A Microsoft spokesperson declined to comment beyond the company's statement.

Microsoft has faced a series of recent cyberattacks, warning in March that Chinese hackers were targeting remote management tools and cloud applications to spy on a range of companies and organizations in the US and abroad.

The Cyber Safety Review Board, a White House-mandated group designed to examine major cyberattacks, said last year that Microsoft's security culture was 'inadequate' following the 2023 hack of the company's Exchange Online mailboxes. In that incident, hackers were able to breach 22 organizations and hundreds of individuals, including former US Commerce Secretary Gina Raimondo.

--With assistance from Lynn Doan.

(Updates with more context beginning in third paragraph)

©2025 Bloomberg L.P.

Microsoft SharePoint server vulnerability puts an estimated 10,000 organizations at risk

Engadget

2 days ago

A major zero-day security vulnerability in Microsoft's widely used SharePoint server software has been exploited by hackers, causing chaos within businesses and government agencies, multiple outlets have reported. Microsoft announced that it had released a new security patch "to mitigate active attacks targeting on-premises [and not online] servers," but the breach has already affected universities, energy companies, federal and state agencies and telecommunications firms.

The SharePoint flaw is a serious one, allowing hackers to access file systems and internal configurations or even execute code, to completely take over systems. The flaw could put more than 10,000 companies at risk, cybersecurity company Censys told The Washington Post. "It's a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well."

Google's Threat Intelligence Group added that the flaw allows "persistent, unauthenticated access that can bypass future patching." The US Cybersecurity and Infrastructure Security Agency (CISA) said that any servers affected by the exploit should be disconnected from the internet until a full patch arrives. It added that the impact of the attacks is still being probed.

The vulnerability was first spotted by Eye Security, which said the flaw allows hackers to access SharePoint servers and steal keys in order to impersonate users or services. "Because SharePoint often connects to core services like Outlook, Teams, and OneDrive, a breach can quickly lead to data theft, password harvesting, and lateral movement across the network," Eye Security wrote in a blog post.

The FBI is aware of the attack and is working closely with government and private sector partners. It's not immediately clear which groups are behind the zero-day hacks. In any case, the attack is liable to put Microsoft under the microscope again. A 2023 breach of Exchange Online mailboxes led the White House's Cyber Safety Review Board to declare that Microsoft's security culture was "inadequate."
