Microsoft releases urgent fix for SharePoint vulnerability being used in global cyberattacks
The company issued an alert to customers Saturday saying it was aware of the zero-day exploit - where hackers take advantage of a previously unknown vulnerability - being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software.
Cyber criminals often use zero-day exploits to steal sensitive data and passwords. The vulnerability also could allow hackers to access services connected to SharePoint, including OneDrive and Teams.
The company said in its blog post that it discovered at least dozens of systems were compromised around the world. Security engineers stated the attacks occurred in waves on July 18 and 19.
Although the scope of the attack is still being assessed, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Kuwait Times
a day ago
- Kuwait Times
Microsoft warns Chinese hackers targeting customers
SAN FRANCISCO: Chinese state-sponsored hackers are actively exploiting critical security vulnerabilities in users of Microsoft's popular SharePoint servers to steal sensitive data and deploy malicious code, the US tech giant warned Tuesday. Microsoft said it has observed three threat groups—dubbed Linen Typhoon, Violet Typhoon, and Storm-2603 –- targeting internet-facing SharePoint servers using two newly disclosed vulnerabilities that allow attackers to bypass authentication and execute remote code. SharePoint Server is Microsoft's collaboration and document management platform designed for businesses and organizations. Many large organizations use SharePoint as their primary platform for internal collaboration and for storing documents, and is appreciated for working well with other Microsoft products like Office, Teams, and Outlook. The attacks, which Microsoft said began as early as July 7, affect only on-premises SharePoint installations and do not impact the cloud-based SharePoint Online service, the company said in a security bulletin. Microsoft warned that it 'assesses with high confidence' that the threat actors will continue their assault against vulnerable systems where companies haven't taken the necessary precautions. The vulnerabilities allow attackers to spoof authentication credentials and execute malicious code remotely on vulnerable servers. Microsoft has released comprehensive security updates to address the malware and urged customers to apply the patches immediately. In their successful attacks, the Chinese hackers deployed malicious code that provides backdoor access to compromised systems. The attackers used these tools to steal machine encryption keys and maintain access to targeted networks. Linen Typhoon, active since 2012, primarily focuses on intellectual property theft from government, defense, and human rights organizations. Violet Typhoon, operating since 2015, conducts espionage against former government officials, NGOs, think tanks, and media organizations across the United States, Europe, and East Asia. Storm-2603, which Microsoft assesses with 'medium confidence' to be China-based, has previously deployed ransomware but its current objectives remain unclear. Research from cybersecurity company Check Point said the campaign began on July 7 against a major Western government and that the attacks intensified dramatically around July 18. Since then, researchers have confirmed dozens of compromise attempts primarily targeting organizations in North America and Western Europe, Check Point said in a blog post. –AFP
Arab Times
a day ago
- Arab Times
US stocks hit more records following US-Japan trade deal
NEW YORK, July 24, (AP): US stocks set more records on Wednesday following a trade deal between the world's No. 1 and No. 4 economies, one that would lower proposed tariffs on Japanese imports coming to the United States. The S&P 500 added 0.8% to its all-time high. The Dow Jones Industrial Average rallied 507 points, or 1.1%, and the Nasdaq composite climbed 0.6% to hit its own record. Stocks jumped even more in Tokyo, where the Nikkei 225 rallied 3.5% after President Donald Trump announced a trade framework that would place a 15% tax on imports coming from Japan. That's lower than the 25% rate that Trump had earlier said would kick in on Aug. 1. "It's a sign of the times that markets would cheer 15% tariffs,' said Brian Jacobsen, chief economist at Annex Wealth Management. "A year ago, that level of tariffs would be shocking. Today, we breathe a sigh of relief.' Trump has proposed stiff taxes on imports from around the world, which carry the double-edged risk of driving up inflation for US households while slowing the economy. But many of Trump's tariffs are currently on pause, giving time to reach deals with other countries that could lower the tax rates. Trump also announced a trade agreement with the Philippines on Tuesday. So far, the US economy has seemed to hold up OK despite the pressures on it. And tariffs already in place may be having less of an effect than expected, at least when it comes to the prices that US households are paying at the moment. "The main lesson about tariffs so far is that passthrough to consumer prices is tracking somewhat lower than in 2019,' according to Goldman Sachs economist David Mericle. Tariffs are certainly having an effect, to be sure, as big US companies across industries have been showing through their profit updates in recent days. Hasbro took a $1 billion, non-cash hit to its results for the spring to write down the value of some of its assets following a review triggered by the implementation of tariffs. It said tariffs have had no impact yet on how much profit it's making from each $1 of its sales, but it expects to see costs ramp during the current quarter.
Arab Times
2 days ago
- Arab Times
Trump to reveal ‘AI Action Plan' shaped by his Silicon Valley supporters
WASHINGTON, July 23, (AP): An artificial intelligence agenda formed on the podcasts of Silicon Valley billionaires is now being set into US policy as President Donald Trump leans on the ideas of the tech figures who backed his election campaign. Trump plans on Wednesday to reveal an "AI Action Plan' he ordered after revoking President Joe Biden's signature AI guardrails. The plan and related executive orders are expected to include some familiar tech lobby pitches: accelerating the sale of AI technology abroad and making it easier to construct the energy-hungry data center buildings that are needed to form and run AI products, according to a person briefed on Wednesday's event who was not authorized to speak publicly and spoke on condition of anonymity. It might also include some of the AI culture war preoccupations of the circle of venture capitalists who endorsed Trump last year. The tech industry has pushed for easier permitting to get huge data centers connected to power and water - even if it means consumers losing drinking water and paying higher energy bills. On Tuesday, 95 groups including labor unions, parent groups, environmental justice organizations and privacy advocates signed a resolution opposing Trump's embrace of industry-driven AI policy and calling for a "People's AI Action Plan' that would "deliver first and foremost for the American people.' Amba Kak, co-executive director of the AI Now Institute, which helped lead the effort, said the coalition expects Trump's plan to come "straight from Big Tech's mouth.' "Every time we say, 'What about our jobs, our air, water, our children?' they're going to say, 'But what about China?'' she said Tuesday. She said Americans should reject the White House's argument that artificial intelligence is overregulated, and fight to preserve "baseline protections for the public.' Sacks, a former PayPal executive and now Trump's top AI adviser, has been criticizing "woke AI' for more than a year, fueled by Google's February 2024 rollout of an AI image generator that, when asked to show an American Founding Father, created pictures of Black, Asian and Native American men. Google quickly fixed its tool, but the "Black George Washington' moment remained a parable for the problem of AI's perceived political bias, taken up by X owner Elon Musk, venture capitalist Marc Andreessen, Vice President JD Vance and Republican lawmakers. "The AI's incapable of giving you accurate answers because it's been so programmed with diversity and inclusion,' Sacks said at the time. Elon Musk's xAI, pitched as an alternative to "woke AI' companies, had to scramble this month to remove posts made by its Grok chatbot that made antisemitic comments and praised Adolf Hitler. The All-In Podcast is a business and technology show hosted by four tech investors and entrepreneurs including Trump's AI czar, David Sacks. The plan and related executive orders to be announced late Wednesday afternoon are expected to include some familiar tech lobby pitches - including accelerating the sale of AI technology abroad and making it easier to construct the energy-hungry data center buildings needed to run AI products, according to a person briefed on Wednesday's event who was not authorized to speak publicly and spoke on condition of anonymity. It might also include some of the AI culture war preoccupations of the circle of venture capitalists who endorsed Trump last year.
