Latest news with #zero day
Free Malaysia Today
22-07-2025
- Business
- Free Malaysia Today
Microsoft hack likely by single actor, thousands of firms now vulnerable
Microsoft issued an alert about 'active attacks' on its SharePoint servers on Saturday. (EPA Images pic) LONDON : A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said today. Microsoft on Saturday issued an alert about 'active attacks' on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a 'zero day' because it was previously unknown to cybersecurity researchers. 'Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change,' Rafe Pilling, director of threat intelligence at Sophos, a British cybersecurity firm. That tradecraft included the sending of the same digital payload to multiple targets, Pilling added. Microsoft said it had 'provided security updates and encourages customers to install them', a company spokesman said in an emailed statement. It was not clear who was behind the ongoing hack. The FBI said yesterday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's national cyber security centre did not immediately respond to a request for comment. The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted US and international agencies and businesses. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies, and several US state-level and international government entities. 'The SharePoint incident appears to have created a broad level of compromise across a range of servers globally,' said Daniel Card of British cybersecurity consultancy, PwnDefend. 'Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here.'
Yahoo
21-07-2025
- Business
- Yahoo
Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say
LONDON (Reuters) -A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday. Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers. "Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm. That tradecraft included the sending of the same digital payload to multiple targets, Pilling added. Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement. It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment. The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities. "The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend. "Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here." Sign in to access your portfolio
CNA
21-07-2025
- Business
- CNA
Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say
LONDON :A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday. Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers. "Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm. That tradecraft included the sending of the same digital payload to multiple targets, Pilling added. Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement. It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment. The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities. "The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend. "Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."
Reuters
21-07-2025
- Business
- Reuters
Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say
LONDON, July 21 (Reuters) - A global attack on Microsoft (MSFT.O), opens new tab server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday. Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers. "Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm. That tradecraft included the sending of the same digital payload to multiple targets, Pilling added. Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement. It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment. The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities. "The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend. "Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."
