
Latest news with #RafePilling

Microsoft SharePoint attack: Officials issue warning about 'active exploitation'

USA Today

2 days ago


Federal cybersecurity officials have issued a warning to Microsoft users about a security flaw allowing hackers to access certain SharePoint systems.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) posted an alert on its website Sunday, July 20, saying it was aware of "active exploitation" of a security vulnerability that was allowing unauthorized access to on-site SharePoint servers. The "scope and impact" of the issue was still being assessed, CISA said in the notice posted July 20, but officials said the vulnerability "poses a risk" to organizations that house their own SharePoint servers.

Microsoft, in an alert posted Saturday, July 19, said the vulnerability enables an 'authorized attacker to perform spoofing over a network,' a type of cyberattack in which an attacker attempts to trick a user or system into believing they are a trusted or known source.

"The FBI is aware of the matter, and we are working closely with our federal government and private sector partners," a Microsoft spokesperson told USA TODAY Monday.

SharePoint is used by government agencies and businesses in the U.S. and around the world, as reported by Reuters and the Washington Post, which first reported the attacks.

It was not immediately known who was behind the attack, but a cybersecurity researcher told Reuters on Monday, July 21, it is likely the work of a single actor.

"Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor," Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm, told the outlet. "However, it's possible that this will quickly change."

Microsoft SharePoint vulnerability

In its alert about the ongoing attacks on SharePoint servers, Microsoft urged customers to install new security updates. The company said SharePoint Online in Microsoft 365, stored in the cloud, was not hit by the exploit.

The attack is dubbed by experts as "zero day," because, officials said, it was a shock to cybersecurity researchers.

Microsoft's stock price was mostly flat on Monday morning, July 21.

'Customers should apply these updates'

Microsoft reported it issued recommendations to stop attackers from exploiting the vulnerability.

"Microsoft has released security updates that fully protect customers using SharePoint Subscription Edition and SharePoint 2019 against the risks posed by CVE-2025-53770, and CVE-2025-53771," the post reads. "Customers should apply these updates immediately to ensure they're protected."

USA TODAY has reached out to Microsoft for more information.

Contributing: Reuters

Natalie Neysa Alund is a senior reporter for USA TODAY. Reach her at nalund@ and follow her on X @nataliealund.

Microsoft server hack has hit about 100 victims, researcher says

Time of India

2 days ago


Microsoft on Saturday issued an alert about "active attacks" on self-managed SharePoint servers, which are widely used by government agencies and businesses to share documents within organisations.

A sweeping cyberespionage operation targeting Microsoft server software compromised about 100 different organizations as of the weekend, one of the researchers who helped uncover the campaign said on Saturday issued an alert about "active attacks" on self-managed SharePoint servers, which are widely used by government agencies and businesses to share documents within organisations.

Dubbed a "zero day" because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a back door to secure continuous access to victim Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the ShadowServer Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known.

"It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other back doors."

He declined to identify the affected organizations, saying that the relevant national authorities had been notified. The ShadowServer Foundation didn't immediately return a message seeking researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.

"It's possible that this will quickly change," said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.

It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of "a limited number" of targets in the United to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.

"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend.

"Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."

Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say

Time of India

2 days ago


LONDON: A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday.

Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers.

"Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.

That tradecraft included the sending of the same digital payload to multiple targets, Pilling added.

Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.

It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment.

The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.

According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.

"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend. "Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."

Microsoft issues urgent patch as SharePoint exploit spreads globally: How to stay safe online

Mint

2 days ago


A widespread cyberattack targeting Microsoft SharePoint server software has raised alarms among security agencies and businesses worldwide, with experts suggesting that a single threat actor may be behind the coordinated assault.

Over the weekend, Microsoft issued a critical security alert warning of 'active attacks' on on-premise SharePoint servers, widely used by organisations and government bodies to manage and share internal documents. Notably, the tech giant clarified that SharePoint Online, part of its Microsoft 365 cloud suite, was not affected by the exploit, which is being classified as a "zero-day" vulnerability, meaning it was previously unknown to cybersecurity professionals.

Rafe Pilling, Director of Threat Intelligence at British cybersecurity firm Sophos, indicated that evidence pointed towards a single entity executing the campaign. 'Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it is possible that this will quickly change,' Pilling noted. He highlighted the use of identical digital payloads across various targets as a significant indicator of a singular source.

While Microsoft confirmed that it had released security updates to address the flaw, the company urged users to install the patches without delay. However, cybersecurity experts caution that remediation may require more than just patch deployment.

Daniel Card, of the UK-based consultancy PwnDefend, warned that the scope of the attack suggested a broad level of compromise. 'The SharePoint incident appears to have created a broad level of compromise across a range of servers globally. Taking an assumed breach approach is wise, and it is also important to understand that just applying the patch is not all that is required here,' he said.

According to Shodan, a search engine that indexes internet-connected devices, over 8,000 SharePoint servers currently accessible online may have already been exposed to the exploit. These include systems belonging to prominent industrial companies, financial institutions, healthcare providers, auditors, and multiple U.S. state and international government organisations.

The identity of the attacker remains unknown. Moreover, the US Federal Bureau of Investigation (FBI) acknowledged the incident on Sunday, stating that it was working alongside both federal partners and private sector entities to assess the situation. Meanwhile, the UK's National Cyber Security Centre has yet to respond publicly.

The Washington Post reported that unidentified cyber actors had recently leveraged the SharePoint vulnerability to target both American and international agencies, suggesting the campaign could have extensive geopolitical ramifications.

(With inputs from Reuters)

Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say

Mint

2 days ago


  • Hack exploits previously unknown flaw in SharePoint software
  • Thousands of entities potentially now vulnerable to attack
  • Hack likely work of one threat actor or group, researcher says
  • Unclear who is behind attacks

LONDON, July 21 (Reuters) - A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday.

Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers.

"Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.

That tradecraft included the sending of the same digital payload to multiple targets, Pilling added.

Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.

It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment.

The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.

According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.

"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend.
