Latest news with #M365
Yomiuri Shimbun
13 hours ago
- Yomiuri Shimbun
U.S. Nuclear and Health Agencies Hit in Microsoft Sharepoint Breach
The National Institutes of Health and the federal agency responsible for securing the nation's nuclear weapons were among the victims in a global breach of Microsoft server software over the weekend, according to officials at the agencies. The incident at NIH, which has not been previously reported, involved at least one Microsoft SharePoint server system, said Andrew Nixon, a spokesman for the Department of Health and Human Services, and its scope and severity are being investigated. The compromise at the National Nuclear Security Administration, an arm of the Energy Department, did not affect any classified information, said a person familiar with the matter who, like others, spoke on the condition of anonymity to discuss nonpublic matters. It was first reported by Bloomberg News. The NNSA helps keep 5,000 nuclear warheads secure and ready, guards against radiation leaks, and ensures that weapons do not mistakenly detonate. An NNSA spokesperson said attacks using a 'zero-day vulnerability' had begun affecting the Energy Department, including the NNSA, on Friday. 'The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems,' the spokesperson said. Only versions of SharePoint that are hosted by the customer, not those in the cloud, are vulnerable. The spokesperson said only 'a very small number of systems' were affected, adding: 'NNSA is taking the appropriate action to mitigate risk and transition to other offerings as appropriate.' An internal email written by an NIH information technology official and viewed by The Washington Post said the agency's cybersecurity team was working to remediate the SharePoint attack, which was part of a global campaign that targeted government agencies, businesses, universities and other organizations in the United States, Europe and Asia. Hackers connected to the Chinese government were behind at least some of the attacks in the past few days, defenders working on the intrusions said in interviews. Security firms helping affected customers said that many hacking groups are now trying to exploit the SharePoint flaw and that blueprints for attack methods have been circulating, including on public sites. The operator of most of California's electric grid was also targeted, according to a person familiar with the matter. That nonprofit, the California Independent System Operator, did not confirm nor deny a breach, but said it 'took immediate and decisive actions to assess and contain the threat.' 'There has been no impact to market operations or grid reliability due to this incident,' it said. 'All systems remain stable and fully operational.' The NIH email said eight servers were disconnected from the internet and isolated. One was compromised, and two showed evidence of attempted breaches that were blocked. The servers taken offline were used to host NIH websites, including websites for the National Institute of Diabetes and Digestive and Kidney Diseases and the Fogarty International Center, which supports global health research and trains scientists. The National Institutes of Health is the country's biggest funder of biomedical research, supporting studies that delve into a wide range of basic research and human health conditions. 'We are actively investigating the scope and severity of the incident, while taking all necessary steps to protect sensitive information and strengthen system security with our partners moving forward,' DHS spokesman Nixon said. He added that while one server was impacted, others were isolated as a precaution. 'We have no indication that any information was exfiltrated as a result of this SharePoint vulnerability,' he added. The FBI and other agencies are investigating the compromise of Microsoft's SharePoint collaboration software. The company issued the last of three patches for affected versions of its software on Monday. A spokeswoman for the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, which was alerted to the issue on Friday by a cybersecurity firm, warned Sunday that hackers were exploiting a software flaw that could allow them full access to information being exchanged on the SharePoint systems. That information could include file systems and login and password data. Because SharePoint is often used in tandem with other Microsoft programs and databases. Another major concern is that hackers left back doors in some targets that will allow them to return. The Chinese Embassy did not address the country's alleged role in the hacking wave, but it questioned the strength of the evidence in past accusations. 'Cyberspace is characterized by strong virtuality, difficulty in tracing origins, and diverse actors, making the tracing of cyberattacks a complex technical issue,' embassy spokesman Liu Pengyu said in an email. Treasury Secretary Scott Bessent told Bloomberg Television on Wednesday that the SharePoint hacks would be discussed during trade talks with Chinese officials in Stockholm next week. Alex Stamos, chief information security officer at SentinelOne, said that SharePoint systems hosted on a customer's premises were a natural weak spot and that transitioning to the cloud would be much safer. 'Nobody should be running Microsoft on-premise products anymore,' he said. The wave of attacks comes at a difficult time for both Microsoft and CISA, the lead U.S. agency for helping to protect civilian entities from cyberattacks. Microsoft had been alerted to a security weakness in SharePoint recently and issued a fix. But hackers discovered that the fix was inadequate and figured out a way around it. The company has been widely criticized over the past few years for other security mistakes in its core products and internal architecture, including one that allowed Chinese hackers to obtain a digital key that allowed them to validate customers, leading to email breaches at the departments of State and Commerce. At the same time, Microsoft's add-on security products have become an increasingly important source of its revenue as it spends more on artificial intelligence. 'Government agencies have become dependent on a company that not only doesn't care about security, but is making billions of dollars selling premium cybersecurity services to address the flaws in its products,' said Sen. Ron Wyden (D-Oregon). Microsoft did not respond to a request for comment. CISA, meanwhile, is reeling from budget cuts and high turnover. In March, DHS cut $10 million in funding to the nonprofit Center for Internet Security for routing warnings of cyberattacks to 18,000 state and local entities. The subsequent job cuts slowed the notifications of about 1,000 members exposed to the weekend hacking campaign, the center said. The center's chief executive, John Gilligan, said the administration's budget request for the coming year had no money for CIS, leaving it scrambling to get states to pay membership fees instead.
Time of India
a day ago
- Time of India
Microsoft SharePoint hack affected US Energy Department, nuclear weapons agency
A US Department of Energy spokesperson said that on July 18 a Microsoft SharePoint zero-day vulnerability impacted its systems, including those of the National Nuclear Security Administration, which oversees the nation's nuclear weapons stockpile."The department was minimally impacted due to its widespread use of the Microsoft M365 cloud and very capable cybersecurity systems. A very small number of systems were impacted. All impacted systems are being restored," the department said in an emailed response to Reuters on Wednesday.
Time of India
a day ago
- Business
- Time of India
Massive SharePoint breach, including US nuclear agency - Microsoft links attack to 3 China-backed hackers
A major cyberattack has hit Microsoft's SharePoint server software, affecting many organizations around the world. Microsoft confirmed that three Chinese hacker groups — Violet Typhoon, Linen Typhoon, and Storm-2603 — are involved in the attack, as per the Microsoft Blog. These hackers exploited major flaws in Microsoft's on-premises SharePoint servers, not the cloud-based ones. The flaws allowed the hackers to break in remotely, giving them access to internal systems of many victims. The cyberattack started on Saturday, July 18, according to Microsoft's initial report, as per the reports. Explore courses from Top Institutes in Please select course: Select a Course Category MBA Design Thinking Cybersecurity Others Healthcare others Operations Management Technology Data Analytics MCA Artificial Intelligence Finance Degree Project Management healthcare Data Science Data Science CXO Digital Marketing Product Management Management Public Policy PGDM Leadership Skills you'll gain: Analytical Skills Financial Literacy Leadership and Management Skills Strategic Thinking Duration: 24 Months Vellore Institute of Technology VIT Online MBA Starts on Aug 14, 2024 Get Details Skills you'll gain: Financial Management Team Leadership & Collaboration Financial Reporting & Analysis Advocacy Strategies for Leadership Duration: 18 Months UMass Global Master of Business Administration (MBA) Starts on May 13, 2024 Get Details U.S. government agencies hit by hackers U.S. federal investigators say that at least two federal agencies were affected, and that number may rise. One official said they believe four to five federal agencies may have been breached. The U.S. National Nuclear Security Administration (NNSA) was also hacked. This agency designs and manages U.S. nuclear weapons, according to the report by Bloomberg. by Taboola by Taboola Sponsored Links Sponsored Links Promoted Links Promoted Links You May Like New Container Houses Indonesia (Prices May Surprise You) Container House | Search ads Search Now Undo Luckily, no classified or sensitive data appears to have been stolen from NNSA. The Energy Department confirmed it was also impacted by the breach but said only a few systems were affected. The Energy Department explained that because it uses Microsoft M365 cloud systems, the damage was limited. ALSO READ: LinkedIn job applications surge 45% as AI tools like ChatGPT, resume Bots, and hiring automation take over the job search in 2025 Live Events All affected Energy Department systems are now being restored, according to its spokesperson. The attack used two main vulnerabilities: CVE-2025-49706 and CVE-2025-49704. These bugs are only present in SharePoint servers that are managed on-site by customers — not in Microsoft's cloud version, as stated by Microsoft. Microsoft issues fixes, but hackers still a threat Microsoft released security patches on July 19 to fix these issues and urged users to install them immediately. The company also warned that more hackers might start using the same flaws if users don't update their systems. Microsoft says there is "high confidence" that hackers will continue to exploit the bugs if servers remain unpatched, as per the reports. Private cybersecurity firm Mandiant said that at least one group involved is linked to Beijing. Another major cybersecurity researcher said the behavior they saw 'lines up perfectly' with Chinese hackers. Microsoft stated that hackers used post-exploitation techniques, which means they dug deeper into systems after breaking in. Microsoft also warned about possible data theft including usernames, passwords, tokens, and hash codes. The FBI and CISA are working with Microsoft to investigate and respond to the attacks. The White House and Chinese Embassy in Washington did not respond to questions about China's involvement. As of now, the U.S. government has not officially blamed China for the breaches, as per the POLITICO report. More groups could be in danger worldwide Silas Cutler, a researcher at scanning firm Censys, and Piotr Kijewski, CEO of The Shadowserver Foundation, said about 100 organizations have been affected so far. They also warned that thousands more organizations could still be vulnerable to this same attack. Some of the other victims include national governments in Europe and the Middle East, Florida's Department of Revenue, and the Rhode Island General Assembly, as per the report by Bloomberg. ALSO READ: Kyiv erupts: Massive protests rock Zelensky amid explosive anti-corruption scandal Microsoft failed to patch at least one of the bugs earlier this month and only released partial fixes for others. Microsoft now recommends using updated SharePoint server versions and turning on Defender Antivirus or similar tools. They also advise customers to rotate SharePoint machine keys, restart IIS servers, and use Full Mode AMSI scanning. Microsoft said it is working closely with CISA, the Department of Defense Cyber Command, and other global partners. Microsoft faces heat from U.S. lawmakers The attack is one of the biggest cybersecurity threats during Donald Trump's second term in office so far. Microsoft says other non-China hacker groups are also trying to use the same bugs to attack more victims. Charles Carmakal, CTO of Mandiant, warned that more hackers will 'leverage this exploit' soon. Lawmakers are now criticizing Microsoft for putting U.S. systems at risk and still depending on China-based engineers. Sen. Ron Wyden said Microsoft is selling security upgrades while failing to secure its main products. Lawmakers from the House Homeland Security Committee have asked Microsoft and CISA for a briefing on the issue, as stated by POLITICO. In a similar 2020 SolarWinds hack, the NNSA had also been breached, but the malware stayed only on business networks. In 2023, Chinese hackers exploited Microsoft again and stole emails from the U.S. ambassador to China and Commerce Secretary. That 2023 attack led to a federal review panel criticizing Microsoft for poor security practices, as per the Bloomberg report. Recently, the Pentagon said it will review all its cloud systems, after reports that China-based engineers worked on Pentagon-related tech. This latest breach is now adding pressure on Microsoft to improve its products and regain trust from the U.S. government, as per the reports. FAQs Q1. What caused the Microsoft SharePoint hack in 2025? Hackers exploited security flaws in Microsoft's on-premises SharePoint servers to access many organizations' systems. Q2. Which U.S. agencies were affected by the SharePoint cyberattack? At least two federal agencies, including the National Nuclear Security Administration and the Energy Department, were impacted.
Business Insider
02-07-2025
- Business
- Business Insider
Internal Microsoft memo lays out its new strategy for selling AI as the company cuts salespeople
Microsoft's sales chief, Judson Althoff, is revamping his unit to make it more AI-focused, according to an internal memo viewed by Business Insider. Althoff, the company's chief commercial officer, sent the memo to the sales unit, called Microsoft Customer and Partner Solutions (MCAPS), a day before the company announced a significant round of layoffs. Those layoffs affected many salespeople in Althoff's organization, sources familiar with them said. The memo did not mention the layoffs, announced beginning July 2 in separate communications to employees. Althoff's memo called for "continued agility" and "reinventing Microsoft and MCAPS" to become "the Frontier AI Firm," and outlined the five priorities of the sales organization: Establish a Copilot on every device and across every role Strengthen our M365 and D365 execution and penetration across all segments Create meaningful AI design wins Grow our cloud platform business by migrating and modernizing workloads to Azure Build a cybersecurity foundation to enable secure AI Transformation Althoff in April unveiled plans to slash the number of the sales team's "solutions areas" by half during the next fiscal year, which started July 1. BI obtained copies of slides from Althoff's April presentation, showing the company planned to condense its six previous areas into three: AI Business Solutions, Cloud & AI Platforms, and Security, according to those slides. AI Business Solutions will focus on getting "Copilots on every device across every role" and on selling Microsoft 365's suite of business applications and Dynamics 365 customer relationship management service, according to the July 1 memo. Cloud & AI Platform will include the company's Azure business, its AI "agent factory" Foundry, and data analytics platform Fabric. That group will be focused on frontier AI solutions and migrating and modernizing cloud workloads to Azure. Security focuses on selling Microsoft's security tools. "We have spent a lot of time playing defense over the last year, and it is now time to compete more aggressively," Althoff said, referring to the security solutions area. The changes come as Microsoft faces increasing competition for enterprise customers in AI from companies like OpenAI and Google. Microsoft has an advantage in that many large companies already use its other tools, but many of those companies' employees want the more well-known ChatGPT.
India.com
23-06-2025
- Business
- India.com
Good news for employees of this Ratan Tata company, offers bonus of Rs…, if they meet criteria of…
Ratan Tata (File) India's one of biggest IT services company, Tata Consultancy Services (TCS), has launched a new hiring initiative to fasten the onboarding process of new joinees. It is Known as the Quick Joiner Incentive Plan and it offers a Rs 40,000 bonus per candidate if they join the company within 30 days of offer acceptance, according to a media report. However, there have also added another criteria to it that is the bonus is recoverable if the candidate leaves the company within six months. This conditional matches TCS's efforts to make stable and long-term staffing. TCS New Hiring Initiative TCS's new plan is part of the company's expansion plan and also taken after signing billion-dollar contracts like its outsourcing deal with British insurer Aviva. The company is increasing its workforce by hiring freshers and specialized talent as per IT industries demand. TCS Job Hiring Criteria Microsoft Teams and M365 SharePoint and Endpoint Security Cloud-native and AI-powered enterprise solutions Company's clients demand digital transformation and skilled support, hiring is based on these criterias. Bonus Structure Rs 40,000 incentive for senior role filled within 30 days. Addition to standard recruitment fees. Refundable candidate exit within six months. This policy is trying to hire more candidates as early as possible as per their new projects in hand and also wants to retain them by putting criteria of bonus refunds.
