How your org can avoid being a victim of the next 'SharePoint'

Fast Company, 01-08-2025
Few cybersecurity threats generate as much alarm as remote code execution, or RCE. This type of flaw allows an attacker to run malicious code on someone else's device—no physical access required. It's a chilling scenario: a hacker, potentially halfway across the world, gains the ability to infiltrate systems, steal data, or disrupt operations. What makes RCE vulnerabilities so dangerous isn't just the immediate impact—it's the unknown consequences that can follow.
In just a matter of days, a recently disclosed RCE vulnerability in Microsoft SharePoint, the enterprise platform many companies rely on to store and share internal documents, sent shockwaves of concern throughout organizations, leaving many searching for answers as to what they need to know and how they can protect themselves and their customers.
Why did this thing get so big so fast?
The SharePoint vulnerability received a severity score of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), which is a standardized framework used to assess and prioritize security flaws. A score that high signals a critical risk, meaning affected organizations should apply the available patch immediately.
The extreme severity, paired with SharePoint's widespread use in enterprise environments, helped the threat (and the headlines) spread rapidly.
When an attack of this scale occurs, it's natural to look for something or someone to blame. Outdated or neglected systems are often among the first to be blamed in cybersecurity, but in this case, legacy infrastructure wasn't the issue. SharePoint is actively maintained, and a patch was already available. The challenge was that security teams typically don't know what's vulnerable until a flaw is publicly disclosed—and from there, it becomes a race to assess risk and apply the fix before attackers can take advantage.
Protecting company secrets
The SharePoint RCE vulnerability is a reminder that protecting sensitive information starts with controlling who has access to it. One of the simplest ways to keep intruders out is by using multi-factor authentication—the process of confirming your identity with more than just a password. Yes, it can be a hassle to enter a code from your phone, but that small extra step makes it much harder for attackers to break in.
SharePoint comes with built-in tools that let organizations control who can see and edit files. But those tools only work if they're used wisely. For example, not every employee needs access to every document. Keeping sensitive files limited to just the people who need them helps reduce the risk if someone does manage to sneak into the system.
It's also important to watch for unusual behavior—small signs that something might be wrong. If someone's account suddenly tries to access files they don't normally use, logs in from an unfamiliar location or gets blocked repeatedly when trying to open restricted content, those are red flags. Many organizations use tools like Security Information and Event Management (SIEM) platforms and user and entity behavior analytics (UEBA) to catch these early warning signs. SIEM tools help security teams monitor activity across the network, while UEBA uses patterns and data to flag behavior that's out of the ordinary. Together, they can help stop an attack before it causes serious damage.
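The three red flags described above can be expressed as a small behavioral baseline check. This is an added example, not code from the article or from any SIEM or UEBA product; the event fields, user names, countries and thresholds are constructed assumptions and do not reflect a real SharePoint audit log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: (time, user, action, resource, country, result).
BASELINE = [
    ("2025-07-01T09:00", "alice", "login", "-", "US", "ok"),
    ("2025-07-01T09:05", "alice", "read", "/sites/marketing", "US", "ok"),
    ("2025-07-02T10:00", "bob", "login", "-", "GB", "ok"),
    ("2025-07-02T10:02", "bob", "read", "/sites/finance", "GB", "ok"),
]
LIVE = [
    ("2025-07-21T03:10", "alice", "login", "-", "RO", "ok"),
    ("2025-07-21T03:11", "alice", "read", "/sites/finance", "RO", "denied"),
    ("2025-07-21T03:12", "alice", "read", "/sites/finance", "RO", "denied"),
    ("2025-07-21T03:13", "alice", "read", "/sites/finance", "RO", "denied"),
    ("2025-07-21T10:00", "bob", "read", "/sites/finance", "GB", "ok"),
]

def build_profile(events):
    """Learn each user's usual resources and login countries from history."""
    profile = defaultdict(lambda: {"resources": set(), "countries": set()})
    for _, user, action, resource, country, result in events:
        if result != "ok":
            continue  # only successful activity counts as normal behavior
        if action == "login":
            profile[user]["countries"].add(country)
        else:
            profile[user]["resources"].add(resource)
    return profile

def detect(events, profile, max_denied=3, window=timedelta(minutes=10)):
    """Return (time, user, reason) alerts for the three red flags."""
    alerts, denied = [], defaultdict(deque)
    for ts, user, action, resource, country, result in events:
        t = datetime.fromisoformat(ts)
        known = profile.get(user, {"resources": set(), "countries": set()})
        if action == "login" and country not in known["countries"]:
            alerts.append((ts, user, "unfamiliar_location"))
        if action != "login" and resource not in known["resources"]:
            alerts.append((ts, user, "unusual_resource"))
        if result == "denied":
            q = denied[user]
            q.append(t)
            while q and t - q[0] > window:  # keep only denials inside the window
                q.popleft()
            if len(q) == max_denied:
                alerts.append((ts, user, "repeated_denials"))
    return alerts

print(detect(LIVE, build_profile(BASELINE)))
```

On the constructed data, alice's 3 a.m. session trips all three rules while bob's routine access to the same folder raises nothing, which is the per-user baseline distinction UEBA relies on.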
Now what?
Incidents like the SharePoint vulnerability highlight just how quickly a virtual flaw can turn into a real-world problem—exposing sensitive data, disrupting operations and shaking trust. These events offer organizations a moment to revisit the fundamentals: making sure employees know how to recognize phishing attempts, limiting who has access to critical documents and using safeguards like multi-factor authentication to keep intruders out.
But the real key is consistency. Cybersecurity has to be built into the culture of the organization. That means clear policies, ongoing awareness, and fast action when something feels off. The companies that fare best in the face of threats like RCEs aren't always the biggest or most high-tech—they're the ones that stay alert, respond quickly and prioritize cybersecurity as an essential part of the business.