Hackers exploit Microsoft SharePoint as firm works to patch
A guide through the most important stories of the morning, delivered Monday through Friday.
Enter Email
Sign Up
Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys, estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of those companies, followed by the Netherlands, the UK and Canada, he said.
Advertisement
'It's a dream for ransomware operators,' he said.
Microsoft has been trying to shore up its cybersecurity after a series of high-profile failures, hiring new executives from places like the US government and holding weekly meetings with senior executives to make its software more resilient. The company's tech has been subject to several widespread and damaging hacks in recent years, and a 2024 US government report described the company's security culture as in need of urgent reforms.
Advertisement
Palo Alto Networks Inc. warned that the SharePoint exploits are 'real, in-the-wild, and pose a serious threat.' Google Threat Intelligence Group said in an e-mailed statement it had observed hackers exploiting the vulnerability, adding it allows 'persistent, unauthenticated access and presents a significant risk to affected organizations.'
'When they're able to compromise the fortress that is SharePoint, everybody is kind of at their whim because that is one of the highest security protocols out there,' said Gene Yu, CEO of Singapore-based cyber incident response firm Blackpanda.
The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers.
Researchers at Eye Security were first to identify the vulnerability, the company said.
Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems.
Vaisha Bernard, chief hacker and co-owner of Eye Security, said his team identified a wave of attacks on Friday evening and a second wave on Saturday morning.
The attacks, he said, were not targeted and instead were aimed at compromising as many victims as possible. After scanning about 8,000 SharePoint servers, Bernard said he has so far identified at least 50 that were successfully compromised.
He declined to identify the identities of organizations that had been targeted, but said they included government agencies and private companies, including 'bigger multinationals.' The victims were located in countries in North and South America, the European Union, South Africa, and Australia, he added.
Advertisement
It was not clear who was behind the attacks, Bernard said, but 'my gut feeling says it's one group' behind them, due to similarities in the methods he observed during the attacks.
A Microsoft spokesperson declined to comment beyond the company's statement.
Microsoft has faced a series of recent cyberattacks, warning in March that Chinese hackers were targeting remote management tools and cloud applications to spy on a range of companies and organizations in the US and abroad.
The Cyber Safety Review Board, a White House-mandated group designed to examine major cyberattacks, said last year that Microsoft's security culture was 'inadequate' following the 2023 hack of the company's Exchange Online mailboxes. In that incident, hackers were able to breach 22 organizations and hundreds of individuals, including former US Commerce Secretary Gina Raimondo.
--With assistance from Lynn Doan.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Insider
15 minutes ago
- Business Insider
Don't Expect Apple Stock (AAPL) to Pop Until AI and Tariff Uncertainty Ease, Say Analysts
Apple (AAPL) stock was higher today after analysts largely gave a thumbs up to its strong Q3 results, but investors shouldn't expect a huge uptick until AI and tariff overhangs are dealt with. Elevate Your Investing Strategy: Take advantage of TipRanks Premium at 50% off! Unlock powerful investing tools, advanced data, and expert analyst insights to help you invest with confidence. The tech giant yesterday announced earnings per share (EPS) of $1.57, which topped consensus expectations of $1.43. Revenue in the April through June quarter came in at $94.04 billion, beating Wall Street forecasts of $89.53 billion. The Silicon Valley-based company also reported that its iPhone sales grew 13% year-over-year during the quarter and its overall revenue grew 10%, the largest quarterly revenue growth since December 2021. Time for AI Krish Sankar, five-star TipRanks-rated analyst at TD Cowen, reiterated his Buy rating on the stock and kept a $275 price target. 'Revenue growth was better than feared, driven by above seasonal iPhone and Mac demand,' he said. He said that concerns over Apple's 'incomplete AI strategy' were an ongoing overhang for the stock but that the company has around 18 months to 'rectify' this. 'The personalized Siri is still on track for a 2026 release and Apple has increased AI retail spend across research and development,' he said. ' While investors are understandably focused on Apple's lack of leadership in AI models and Agentic AI systems, the declining cost to access models can be leveraged.'. Morgan Stanley analyst Erik Woodring raised the firm's price target on Apple to $240 from $235 and kept a Buy rating. He said Apple's report was its strongest quarterly report in over two years. Historically, he said this would be a quarter 'where bulls get louder,' but he doesn't expect Apple to 'break out until clarity emerges on tariffs and regulation.' Srini Pajjuri, analyst at Raymond James, raised the firm's price target on Apple to $240 from $230 and kept an Outperform rating. He was encouraged by accelerating capex spend and expects Apple Intelligence, including the much-awaited Siri update, to drive a multiyear upgrade cycle. Valuation Risk Needham analyst Laura Martin reiterated her Hold rating. She said the impressive financial performance was overshadowed by concerns about the company's future growth prospects. This included the anticipated delay in the integration of Apple Intelligence until after 2025 and the competitive pressure from Android's advancements. She highlighted the risk associated with Apple's heavy reliance on the iPhone, suggesting that if Apple's iOS system lags significantly behind Android, it could pose a substantial valuation risk for the company. Indeed, the group has struggled in comparison with its peers over the last 12 months. Is AAPL a Good Stock to Buy Now? On TipRanks, AAPL has a Moderate Buy consensus based on 13 Buy, 12 Hold and 1 Sell ratings. Its highest price target is $275. AAPL stock's consensus price target is $228.11, implying an 8.09% upside.
Yahoo
21 minutes ago
- Yahoo
Roadzen Subsidiary Partners with Major UK Car Retailer to Offer Integrated GAP Insurance
Roadzen Inc. (NASDAQ:RDZN) is one of the tech stocks to buy according to analysts. On July 15, Roadzen announced that its wholly-owned UK-based subsidiary, called Global Insurance Management Limited/GIM, partnered with one of the UK's largest independent retailers of nearly new cars and vans. The collaboration will offer GAP Insurance to the retailer's over 60,000 annual vehicle buyers as part of their vehicle purchase process. Through the partnership, Roadzen's advanced technology and insurance infrastructure will power a fully integrated Return to Invoice/RTI GAP insurance solution. The solution will be embedded directly into the UK retailer's digital and in-store sales process. Insurance house, car and family health live concept. The insurance agent presents the toys that symbolize the coverage. The partnership is facilitated by Roadzen's Global Distribution Network/GDN platform, which provides real-time pricing, policy issuance, payment collection, and claims processing through a single, seamless digital interface for clients. Roadzen Inc. (NASDAQ:RDZN) operates an Insurtech company in India, the US, the UK, and Europe. It serves insurers, reinsurers, agents, brokers, carmakers, dealerships, fleets, taxicab companies, ridesharing platforms, and other distribution channels. While we acknowledge the potential of RDZN as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you're looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the . READ NEXT: and . Disclosure: None. This article is originally published at Insider Monkey. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Yahoo
an hour ago
- Yahoo
I missed Nvidia – could this be the next big US growth stock?
Let's be honest — most of us missed the boat on Nvidia (NASDAQ: NVDA). And by the time we realised just how vital graphics processing units (GPUs) would become to artificial intelligence (AI), the share price had already soared into the stratosphere. Over the past five years, the stock has climbed almost 1,600%. In the last six months alone, it's up almost 50%, adding over $1.5trn to its market value. It's now the most valuable company in the world, overtaking Microsoft and Apple in June. I have exposure to the stock through several ETFs and investment trusts, so I didn't entirely miss out on the action. But I certainly made nowhere near the gains I would have had I bought individual shares. Which makes me wonder, how did Nvidia get here, and what stock could be next? Crunching the numbers The numbers behind the hype are jaw-droppingly impressive. For the fiscal year ending January 2025, revenue reached $130bn, a staggering increase from $27bn just two years ago. Net income exploded from $4.3bn in 2022 to more than $70bn this year. And its margins are enormous — a return on equity of 115% and gross margins consistently above 70%. Yet despite the parabolic growth, I don't think it's entirely overvalued yet. In fact, I still think it's worth considering as a long-term investment. It's a world-class company with room to expand further and the global AI arms race is just getting started – with Nvidia at its core. Realistically, though, the biggest gains have already been made. Buying now means betting on continued dominance that may already be priced in, which is a risk. The stock trades at a price-to-earnings (P/E) ratio of 45 – not outrageous considering its growth, but not cheap either. So where should investors look if they want to catch the next killer growth stock before it becomes a trillion-dollar giant? Could SymphonyAI be next? One company on my radar is SymphonyAI, a private US firm reportedly preparing for a Nasdaq IPO later this year. It's not yet listed, but when it does go public, I'll be watching closely. Founded by billionaire Romesh Wadhwani, it specialises in applying AI to specific industry verticals – retail, finance, manufacturing, and healthcare. It doesn't build chips like Nvidia, but it builds the enterprise software that helps businesses harness AI to improve decision-making and productivity. Unlike many AI startups, SymphonyAI already has real revenues and customers. Its retail division serves over 1,200 brands, while its industrial arm works with giants like Nestlé and ArcelorMittal. While financials are still private, it reportedly generates hundreds of millions in annual revenue and is growing fast. If the IPO goes ahead this autumn, it could be one of the most closely watched tech listings of the year. Long-term mindset Nvidia's success was powered by timing, technology, and a growing reliance on data. It may still reward shareholders but the days of 10x returns are likely behind us. SymphonyAI might never reach Nvidia's heights but it could offer early-stage exposure to enterprise AI – the next leg of this growth story. If the valuation is right, it could turn out to be a once-in-a-decade opportunity. The post I missed Nvidia – could this be the next big US growth stock? appeared first on The Motley Fool UK. More reading 5 Stocks For Trying To Build Wealth After 50 One Top Growth Stock from the Motley Fool Mark Hartley has no position in any of the shares mentioned. The Motley Fool UK has recommended Apple, Microsoft, and Nvidia. Views expressed on the companies mentioned in this article are those of the writer and therefore may differ from the official recommendations we make in our subscription services such as Share Advisor, Hidden Winners and Pro. Here at The Motley Fool we believe that considering a diverse range of insights makes us better investors. Motley Fool UK 2025 Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
