Microsoft server hack likely single actor, thousands of firms now vulnerable, researchers say

Mint, 7 days ago
Hack exploits previously unknown flaw in SharePoint software
Thousands of entities potentially now vulnerable to attack
Hack likely work of one threat actor or group, researcher says
Unclear who is behind attacks
LONDON, July 21 (Reuters) - A global attack on Microsoft server software used by thousands of government agencies and businesses to share documents within organisations is likely the work of a single actor, a cybersecurity researcher said on Monday. Microsoft on Saturday issued an alert about "active attacks" on SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the exploit, also known as a "zero day" because it was previously unknown to cybersecurity researchers.
"Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it's possible that this will quickly change," said Rafe Pilling, Director of Threat Intelligence at Sophos, a British cybersecurity firm.
That tradecraft included the sending of the same digital payload to multiple targets, Pilling added.
Microsoft had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Centre did not immediately respond to a request for comment.
The Washington Post said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend.