Microsoft flaw 'opens the door' for hackers. It will be hard to close

The Star, 5 days ago
Waves of cyberattacks are hitting a commonly used Microsoft product, compromising dozens of organisations around the world.
The hackers exploited a vulnerability in Microsoft SharePoint, an Internet-based app primarily used by government agencies and private companies for internal documents and records. The company alerted customers to the problem on July 19, and on July 20 issued guidance on how to fix it.
The Cybersecurity and Infrastructure Security Agency, a branch of the US Department of Homeland Security, said on July 20 that it's still assessing the scope of the attacks.
"CISA was made aware of the exploitation by a trusted partner and we reached out to Microsoft immediately to take action," Chris Butera, CISA acting executive assistant director for cybersecurity, said in a statement. "Microsoft is responding quickly, and we are working with the company to help notify potentially impacted entities about recommended mitigations."
Cybersecurity company Eye Security scanned more than 8,000 SharePoint servers worldwide and found that dozens of organisations were compromised during attacks from Friday through Monday. Eye Security said it discovered the attacks.
Microsoft and cybersecurity experts said customers who use SharePoint through a cloud-based server aren't at risk. It's organisations that use their own on-premises servers for SharePoint that are vulnerable. That likely includes government agencies, schools, hospitals and large companies.
Eye Security and Microsoft urged customers to follow Microsoft's guidance for mitigating exposure from hackers floating into a network and stealing data. In other intrusions, hackers have stolen identifying information of customers as well as intellectual property and internal communications.
"The risk is not theoretical," Eye Security said in a blog post.
The vulnerability in the system is referred to as a "zero-day" exploit, which means it's a flaw that the company wasn't aware of. Therefore, the company's security team had zero days to prepare a patch or fix.
CISA said malicious hackers are able to manipulate code within an organisation's SharePoint network if they gain access.
Microsoft labelled the severity of the flaw as critical, the most serious designation in its security guide. Unit 42, a team of cyber threat researchers with Palo Alto Networks, said it was a severe and urgent threat.
Michael Sikorski, chief technical officer for Unit 42, said in a statement that attackers are bypassing passwords and other security measures in SharePoint to gain access to sensitive data and establish footholds. They're able to create backdoors into networks that survive reboots and updates.
"If you have SharePoint (on-premises) exposed to the Internet, you should assume that you have been compromised at this point," he said. "Patching alone is insufficient to fully evict the threat."
SharePoint is deeply connected with Microsoft's suite of products, including services like Outlook and Teams, which makes the attacks especially concerning, according to Sikorski.
"A compromise doesn't stay contained – it opens the door to the entire network," he said.
In a threat brief on Monday, Palo Alto Networks recommended that customers follow Microsoft's guidance.
The attacks come four months after researchers at cybersecurity company Trend Micro reported another zero-day exploit at Microsoft. In that case, state-sponsored attackers from North Korea, Iran, Russia and China were able to manipulate a flaw in shortcut links on Windows to steal data and cryptocurrency. – The Seattle Times/Tribune News Service
