Latest news with #MicrosoftSharepoint


Time of India
4 hours ago
Who is at risk of 'Microsoft SharePoint hack': 'Anybody who's got a ...'
Microsoft has released an urgent fix for a severe "zero-day" vulnerability within its widely-used SharePoint software, a flaw that hackers are said to have actively exploited to launch extensive attacks against businesses and even some U.S. government agencies. For those unaware, Microsoft SharePoint is used by companies for internal document management, data organization and collaboration.

The 'Microsoft SharePoint hack' is a zero-day vulnerability. A zero-day vulnerability is a cyberattack that takes advantage of a previously unknown security vulnerability. "Zero-day" refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability.

Microsoft issued an alert to customers on Saturday, July 19, confirming active exploitation of the previously unknown vulnerability and assuring users that a patch was in the works. By Sunday, July 20, Microsoft updated its guidance, providing crucial instructions for applying the fix to SharePoint Server 2019 and SharePoint Server Subscription Edition. However, the challenge persists for users of older software, as Microsoft engineers are still developing a solution for SharePoint Server 2016.

So, who's all at risk?

Adam Meyers, senior vice president at cybersecurity firm CrowdStrike, told news agency AP, "Anybody who's got a hosted SharePoint server has got a problem." Calling it critical, he added, "It's a significant vulnerability." Cybersecurity company Eye Security said that attacks likely began on July 18, and that it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised.

How can hackers harm organisations impacted by the 'Microsoft SharePoint' vulnerability

Security researchers warn that the exploit, reportedly known as 'ToolShell,' is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive. Google's Threat Intelligence Group warned that the vulnerability may allow bad actors to "bypass future patching."

CISA warning to companies impacted by Microsoft SharePoint hack

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting Microsoft SharePoint is "a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers." CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.


Time Magazine
12 hours ago
How to Protect Yourself From the Global Microsoft Hack
Dozens of organizations appear to have been affected over the past few days by hackers targeting Microsoft server software. Microsoft said in a post on its website on Saturday that it was "aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities." SharePoint is a Microsoft platform that allows customers to manage and share documents within their organizations. Here's what to know about the attack, and how to protect yourself.

Hackers targeted a "vulnerability" in Microsoft SharePoint

Eye Security, a cybersecurity firm based in the Netherlands, said in a post that it identified the "large-scale exploitation" of a "vulnerability" in the Microsoft software on Friday. The vulnerability was not "widely known" before then, according to the firm. Microsoft said that only servers housed within an organization were compromised in the hack; SharePoint Online in Microsoft 365 was not impacted.

Eye Security warned that once hackers breached SharePoint systems, they could access all content within them and "move laterally across the Windows Domain." "Because SharePoint often connects to core services like Outlook, Teams, and OneDrive, a breach can quickly lead to data theft, password harvesting, and lateral movement across the network," the firm said. "This is a rapidly evolving, targeted exploit. Organizations with unpatched SharePoint servers should not wait for a fix. They should assess for compromise immediately and respond accordingly."

Researchers determined that nearly 100 organizations were affected in the attack over the weekend, Eye Security's chief hacker Vaisha Bernard told Reuters. It is not yet clear who was responsible for the hack or what the motive was, according to The Washington Post.

How to protect yourself from the attack

Microsoft advised customers using SharePoint to apply the latest security updates, and to make sure that the Antimalware Scan Interface is on and configured properly. The U.S. Cybersecurity & Infrastructure Security Agency recommended that customers take several technical steps to reduce risks associated with the attack, including configuring the Antimalware Scan Interface. Eye Security also suggested that customers who have confirmed that they've been impacted by the attack "isolate or shut down affected SharePoint servers," "renew all credentials and system secrets that could have been exposed," and "engage your incident response team or a trusted cybersecurity firm."


Time of India
18 hours ago
Explained: 10000-plus companies at risk and …, what makes the Microsoft SharePoint attack very dangerous right now
Microsoft is scrambling to contain a widespread cyberattack targeting SharePoint servers worldwide, with cybersecurity experts warning that over 10,000 companies could be at risk. The software giant confirmed that hackers are actively exploiting previously unknown security flaws in on-premises SharePoint servers used by government agencies, universities, and major corporations to share internal documents.

The Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities catalog on Saturday, giving federal agencies just one day to apply patches once they become available. "These exploits are real, in-the-wild, and pose a serious threat," warned Palo Alto Networks, while Google's Threat Intelligence Group confirmed observing active exploitation attempts.

Dutch cybersecurity firm Eye Security first detected the attacks on July 18th and reports that at least 85 SharePoint servers across 54 organizations have already been compromised. Among the victims are a California university, energy companies, federal health organizations, and government entities in Florida and New York.

Microsoft SharePoint's zero-day exploits leave tens and thousands of organisations vulnerable

The attack leverages what's known as a "zero-day" vulnerability – a security flaw unknown to software makers until it's actively exploited by hackers. Cybersecurity researchers estimate that over 10,000 companies with SharePoint servers are potentially at risk, with the United States, Netherlands, United Kingdom, and Canada having the highest concentrations of vulnerable systems. "It's a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well," said Silas Cutler, a researcher at Michigan-based Censys.

The vulnerability allows hackers to access file systems, steal sensitive configurations, and execute malicious code across networks without authentication. The attackers are using a technique called "ToolShell" that was originally demonstrated at the Pwn2Own security conference. They upload malicious files to steal critical server keys, then use these stolen credentials to create valid access tokens that bypass security measures entirely.

Government agencies among primary targets in Microsoft SharePoint attack

Federal and state agencies appear to be prime targets in this campaign, with the FBI confirming it's "aware of the matter" and working with government and private sector partners to assess the threat. The Washington Post reported that the breach has affected multiple U.S. agencies, though specific details remain classified for security reasons.

CISA's Acting Executive Assistant Director for Cybersecurity Chris Butera emphasized the urgency: "Microsoft is responding quickly, and we are working with the company to help notify potentially impacted entities about recommended mitigations. CISA encourages all organizations with on-premise Microsoft SharePoint servers to take immediate recommended action."

Organizations can detect if they've been compromised by checking for suspicious files named " on their servers or unusual network activity from specific IP addresses that security firms have identified as attack sources.

Microsoft releases emergency updates

Microsoft has released emergency security updates for SharePoint 2019 and Subscription Edition servers, with a patch for SharePoint 2016 expected soon. The company recommends that organizations unable to immediately apply updates should disconnect their SharePoint servers from the internet until patches can be installed.

For additional protection, Microsoft advises enabling its Antimalware Scan Interface (AMSI) feature and deploying Windows Defender Antivirus on all SharePoint servers. Organizations should also rotate their server security keys after applying patches to prevent further unauthorized access.

This incident adds to Microsoft's recent cybersecurity challenges, including Chinese hacker attacks earlier this year and criticism from the White House's Cyber Safety Review Board, which called the company's security culture "inadequate" following previous breaches.