
Latest news with #OneDrive

Microsoft rushes to stop hackers exploiting SharePoint security flaw

Business Standard

3 hours ago


By Jake Bleiberg, Jane Lanhee Lee and Ryan Gallagher

Hackers exploited a security flaw in common Microsoft Corp. software to breach governments, businesses and other organizations across the globe and steal sensitive information, according to officials and cybersecurity researchers. Microsoft over the weekend released a patch for the vulnerability in servers of the SharePoint document management software. The company said it was still working to roll out other fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code. Multiple different hackers are launching attacks through the Microsoft vulnerability, according to representatives of two cybersecurity firms, CrowdStrike Holdings, Inc. and Google's Mandiant Consulting. Hackers have already used the flaw to break into the systems of national governments in Europe and the Middle East, according to a person familiar with the matter. In the US, they've accessed government systems, including ones belonging to the US Department of Education, Florida's Department of Revenue and the Rhode Island General Assembly, said the person, who spoke on condition that they not be identified discussing the sensitive information. Representatives of the Department of Education and Rhode Island legislature didn't respond to calls and emails seeking comment Monday. A Florida Department of Revenue spokesperson, Bethany Wester Cutillo, said in an email that the SharePoint vulnerability is being investigated 'at multiple levels of government' but that the state agency 'does not comment publicly on the software we use for operations.' The hackers also breached the systems of a US-based health-care provider and targeted a public university in Southeast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. 
The report doesn't identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information. In some systems they've broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a person familiar with the matter, who also spoke on condition that they not be identified discussing the sensitive information. 'This is a high-severity, high-urgency threat,' said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc. 'What makes this especially concerning is SharePoint's deep integration with Microsoft's platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker,' he said. 'A compromise doesn't stay contained—it opens the door to the entire network.' Tens of thousands — if not hundreds of thousands — of businesses and institutions worldwide use SharePoint in some fashion to store and collaborate on documents. Microsoft said that attackers are specifically targeting clients running SharePoint servers from their own on-premise networks, as opposed to being hosted and managed by the tech firm. That could limit the impact to a subsection of customers. A Microsoft spokesperson declined to comment beyond an earlier statement. 'It's a dream for ransomware operators,' said Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys. He estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of such firms, followed by the Netherlands, the UK and Canada, he said. The breaches have drawn new scrutiny to Microsoft's efforts to shore up its cybersecurity after a series of high-profile failures. 
The firm has hired executives from places like the US government and holds weekly meetings with senior executives to make its software more resilient. The company's tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company's security culture as in need of urgent reforms. The Center for Internet Security, which operates a cybersecurity information sharing system for state and local governments in the US, found more than 1,100 servers that are at risk from the SharePoint vulnerability, said Randy Rose, the organization's vice president of security operations and intelligence. Rose said more than 100 were likely hacked. The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers. Eye Security was the first to identify that attackers were actively exploiting the vulnerabilities in a wave of cyberattacks that began on Friday, said Vaisha Bernard, the company's chief hacker and co-owner. Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems. The SharePoint vulnerabilities, known as 'ToolShell,' were first identified in May by researchers at a Berlin cybersecurity conference. In early July, Microsoft issued patches to fix the security holes, but hackers found another way in. 'There were ways around the patches,' which enabled hackers to break into SharePoint servers by tapping into similar vulnerabilities, said Bernard. 'That allowed these attacks to happen.' The intrusions, he said, were not targeted and instead were aimed at compromising as many victims as possible. 
After scanning about 8,000 SharePoint servers, Bernard said he has so far identified at least 50 that were successfully compromised. He declined to identify the organizations that had been targeted, but said they included government agencies and private companies, including 'bigger multinationals.' The victims were located in countries in North and South America, the EU, South Africa, and Australia, he added.

Microsoft rushes to stop hackers from wreaking global havoc

The Star

5 hours ago


Hackers exploited a security flaw in common Microsoft Corp software to breach governments, businesses and other organisations across the globe and steal sensitive information, according to officials and cybersecurity researchers. Microsoft over the weekend released a patch for the vulnerability in servers of the SharePoint document management software. The company said it was still working to roll out other fixes after warnings that hackers were targeting SharePoint clients, using the flaw to enter file systems and execute code. Multiple different hackers are launching attacks through the Microsoft vulnerability, according to representatives of two cybersecurity firms, CrowdStrike Holdings, Inc. and Google's Mandiant Consulting. Hackers have already used the flaw to break into the systems of national governments in Europe and the Middle East, according to a person familiar with the matter. In the US, they've accessed government systems, including ones belonging to the US Department of Education, Florida's Department of Revenue and the Rhode Island General Assembly, said the person, who spoke on condition that they not be identified discussing the sensitive information. Representatives of the Department of Education and Rhode Island legislature didn't respond to calls and emails seeking comment Monday. A Florida Department of Revenue spokesperson, Bethany Wester Cutillo, said in an email that the SharePoint vulnerability is being investigated "at multiple levels of government" but that the state agency "does not comment publicly on the software we use for operations." The hackers also breached the systems of a US-based health-care provider and targeted a public university in Southeast Asia, according to a report from a cybersecurity firm reviewed by Bloomberg News. 
The report doesn't identify either entity by name, but says the hackers have attempted to breach SharePoint servers in countries including Brazil, Canada, Indonesia, Spain, South Africa, Switzerland, the UK and the US. The firm asked not to be named because of the sensitivity of the information. In some systems they've broken into, the hackers have stolen sign-in credentials, including usernames, passwords, hash codes and tokens, according to a person familiar with the matter, who also spoke on condition that they not be identified discussing the sensitive information. "This is a high-severity, high-urgency threat," said Michael Sikorski, chief technology officer and head of threat intelligence for Unit 42 at Palo Alto Networks Inc. "What makes this especially concerning is SharePoint's deep integration with Microsoft's platform, including their services like Office, Teams, OneDrive and Outlook, which has all the information valuable to an attacker," he said. "A compromise doesn't stay contained - it opens the door to the entire network." Tens of thousands - if not hundreds of thousands - of businesses and institutions worldwide use SharePoint in some fashion to store and collaborate on documents. Microsoft said that attackers are specifically targeting clients running SharePoint servers from their own on-premise networks, as opposed to being hosted and managed by the tech firm. That could limit the impact to a subsection of customers. A Microsoft spokesperson declined to comment beyond an earlier statement. "It's a dream for ransomware operators," said Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys. He estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of such firms, followed by the Netherlands, the UK and Canada, he said. The breaches have drawn new scrutiny to Microsoft's efforts to shore up its cybersecurity after a series of high-profile failures. 
The firm has hired executives from places like the US government and holds weekly meetings with senior executives to make its software more resilient. The company's tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company's security culture as in need of urgent reforms. The Center for Internet Security, which operates a cybersecurity information sharing system for state and local governments in the US, found more than 1,100 servers that are at risk from the SharePoint vulnerability, said Randy Rose, the organization's vice president of security operations and intelligence. Rose said more than 100 were likely hacked. The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers. Eye Security was the first to identify that attackers were actively exploiting the vulnerabilities in a wave of cyberattacks that began on Friday, said Vaisha Bernard, the company's chief hacker and co-owner. Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems. The SharePoint vulnerabilities, known as "ToolShell," were first identified in May by researchers at a Berlin cybersecurity conference. In early July, Microsoft issued patches to fix the security holes, but hackers found another way in. "There were ways around the patches," which enabled hackers to break into SharePoint servers by tapping into similar vulnerabilities, said Bernard. "That allowed these attacks to happen." The intrusions, he said, were not targeted and instead were aimed at compromising as many victims as possible. 
After scanning about 8,000 SharePoint servers, Bernard said he has so far identified at least 50 that were successfully compromised. He declined to identify the organizations that had been targeted, but said they included government agencies and private companies, including "bigger multinationals." The victims were located in countries in North and South America, the EU, South Africa, and Australia, he added. – Bloomberg

Hackers use Microsoft security flaw to commit global assault

Yahoo

16 hours ago


July 21 (UPI) -- An investigation is underway after hackers used a security flaw in Microsoft software to infiltrate agencies and businesses internationally over the weekend. The United States, Canada and Australia have partnered in an effort to probe how the unidentified hackers used a security weak spot in Microsoft's SharePoint collaboration software to gain access to several American federal and state agencies, as well as energy companies, universities and an Asian telecommunications company. Microsoft announced Saturday that it "is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update." Researchers at the Eye Security cybersecurity company first identified the weak point on Friday. Described as a "new SharePoint remote code execution vulnerability chain in the wild," it allows hackers to access the exploited SharePoint versions and steal keys that can let them impersonate users even after an affected server is patched or rebooted. As a result, hackers can use the vulnerability to steal passwords and sensitive data and then move through the breached network via services that connect to SharePoint, such as Outlook, Teams and OneDrive. The SharePoint servers allow for documents to be shared and managed, and Microsoft has since released patches to defend SharePoint 2019 and SharePoint Subscription Edition servers, but a patch for SharePoint 2016 is still forthcoming. The attack, referred to as a "zero-day" incident because it used a previously unknown vulnerability, affects only on-premises servers housed within organizations, not cloud operations like Microsoft 365. According to the press release from Microsoft, customers using the SharePoint Subscription Edition should "apply the security update provided in CVE-2025-53771 immediately to mitigate the vulnerability." 
As for those who use SharePoint 2016 or 2019, the current guidance is to "use or upgrade to supported versions of on-premises Microsoft SharePoint Server," which are SharePoint Server 2016, 2019 and SharePoint Subscription Edition, and then apply the latest security updates.

Microsoft releases urgent fix for SharePoint vulnerability being used in global cyberattacks

Arab Times

17 hours ago


NEW YORK, July 21, (AP): Microsoft has issued an emergency fix to close off a vulnerability in Microsoft's SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies. The company issued an alert to customers Saturday saying it was aware of the zero-day exploit - where hackers take advantage of a previously unknown vulnerability - being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software. Cyber criminals often use zero-day exploits to steal sensitive data and passwords. The vulnerability also could allow hackers to access services connected to SharePoint, including OneDrive and Teams. The company said in its blog post that it discovered at least dozens of systems were compromised around the world. Security engineers stated the attacks occurred in waves on July 18 and 19. Although the scope of the attack is still being assessed, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.

Microsoft releases urgent fix for Sharepoint vulnerability being used in global cyberattacks

Washington Post

17 hours ago


NEW YORK — Microsoft has issued an emergency fix to close off a vulnerability in Microsoft's SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some federal agencies. The company issued an alert to customers Saturday saying it was aware of the zero-day exploit — where hackers take advantage of a previously unknown vulnerability — being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software. Cyber criminals often use zero-day exploits to steal sensitive data and passwords. The vulnerability also could allow hackers to access services connected to SharePoint, including OneDrive and Teams. The company said in its blog post that it discovered at least dozens of systems were compromised around the world. Security engineers stated the attacks occurred in waves on July 18 and 19. Although the scope of the attack is still being assessed, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.
