Hackers use Microsoft security flaw to commit global assault
The United States, Canada and Australia have partnered in an effort to probe how the unidentified hackers used a security weak spot in Microsoft's SharePoint collaboration software to gain access to several American federal and state agencies, as well as energy companies, universities and an Asian telecommunications company.
Microsoft announced Saturday that it "is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update."
Researchers at the Eye Security cybersecurity company first identified the weak point on Friday, explained as a "new SharePoint remote code execution vulnerability chain in the wild," it allows hackers to access the exploited SharePoint versions and steal keys that can let them impersonate users even after an affected server is patched or rebooted.
As a result, hackers can use the liability to steal passwords and sensitive data and then travel the breached network through services that connect to SharePoint, such as Outlook, Teams and OneDrive.
The SharePoint servers allow for documents to be shared and managed, and Microsoft has since released patches to defend SharePoint 2019 and SharePoint Subscription Edition servers, but a patch for SharePoint 2016 is still forthcoming.
The attack, referred to a "zero-day" incident because it used a previously unknown vulnerability, only impacts servers housed within on-premises organizations, but not cloud operations like Microsoft 365.
According to the press release from Microsoft, customers using the SharePoint Subscription Edition should "apply the security update provided in CVE-2025-53771 immediately to mitigate the vulnerability."
As for those who use SharePoint 2016 or 2019, the current guidance is to "use or upgrade to supported versions of on-premises Microsoft SharePoint Server," which are SharePoint Server 2016, 2019 and SharePoint Subscription Edition, and then apply the latest security updates.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
24 minutes ago
- Yahoo
Waabi introduces mixed reality testing system for autonomous truck safety
Waabi, an autonomous trucking technology leader, has introduced a new mixed reality testing (MRT) system that transforms the way autonomous vehicles are tested. The technology works by blending physical test environments with sophisticated virtual scenarios. In an interview with FreightWaves, Raquel Urtasun, founder and CEO of Waabi, recently talked about how this technology creates virtual scenarios for autonomous trucks operating on physical test tracks. 'In the industry, we often talk about driving in the physical world as one type of testing, and we also discuss simulation, where we run scenarios in the cloud at scale,' said Urtasun. 'But one aspect that's discussed less is how safety testing is really done today, and that's where mixed reality comes in.' Traditional safety testing for vehicles has remained largely unchanged for a century. Testing teams bring vehicles to closed tracks and conduct a limited number of scripted scenarios that require complex coordination similar to movie stunts. A downside to this approach is that it yields minimal test diversity, offers poor repeatability and avoids truly dangerous scenarios to prevent damage to test vehicles. It's also expensive. Waabi's MRT system overcomes these limitations by intercepting sensor data from the physical world and blending it with simulation. This creates an environment where autonomous trucks can safely encounter virtually unlimited dangerous situations without physical risk. 'Imagine putting goggles on a self-driving vehicle so it sees things that aren't there but reacts to them,' Urtasun explained. 'Suddenly, you can expose the system to unavoidable accidents and scenarios impossible to stage safely in the real world.' In a blog post, Waabi adds that the technology enables instantaneous creation of complex scenarios including traffic jams, dangerous driving behaviors and unpredictable pedestrian movements. The secret sauce is the use of generative AI and neural simulations rather than traditional physics-based simulation to achieve the required level of realism. This allows Waabi to create thousands of tests as vehicles drive continuously on a test track, generating precise performance metrics automatically. This technology has significantly accelerated Waabi's development process as the company reached feature-complete status earlier this year. Waabi's autonomous system now has all capabilities needed to operate without a human driver. Only Waabi and Aurora have reached this milestone in long-haul trucking. These developments come as Waabi announced back in February a strategic partnership with Volvo Autonomous Solutions to jointly develop and deploy autonomous trucks. To date, Toronto-based Waabi has raised a total of $280 million, with its most recent round, a $200 million Series B back in 2024, including participation from strategic investors Nvidia, Volvo Group Venture Capital, Porsche Automobil Holding SE, Scania Invest and Ingka Investments, among others. The post Waabi introduces mixed reality testing system for autonomous truck safety appeared first on FreightWaves.
The Verge
25 minutes ago
- The Verge
Trump threatens 100 percent tariff on computer chips with a gigantic loophole
In the very first week of his presidency, Donald Trump vowed to force silicon manufacturing back to the United States by making processors more expensive, a threat he's repeated since. Is he finally going through with that plan? Trump just announced he'll putting a 100 percent tariff on chips and semiconductors — unless your company kisses the ring like Apple CEO Tim Cook just did, perhaps. In the same live news conference where Apple announced a new $100 billion US manufacturing plan and presented Trump with a 24-karat gold and glass statue, the president explained that Apple had already done enough to escape his upcoming import taxes on chips: We're going to be putting a very large tariff on chips and semiconductors, but the good news for companies like Apple is if you're building in the United States or have committed to build without question in the United States, there will be no charge. And, it's possible that other companies already have, or easily will, meet Trump's bar for participation. Trump told the in-person and online audience that even a commitment to invest in US manufacturing may be enough to escape the tariffs. '[If you're building in the United States of America, there's no charge, even though you're building and not producing yet,' he said. 'If you've made a commitment to build or you're in the process of building, as many are, there is no tariff, OK?' Here's our transcript of Trump's full remarks on the topic: We'll be putting a tariff on of approximately 100 percent, on chips and semiconductors. But if you're building in the United States of America, there's no charge, even though you're building and not producing yet, in terms of the big numbers of jobs and all of the things that you're building. If you're building there will be no charge […] 100 percent tariff on all chips and semiconductors coming into the United States, but if you've made a commitment to build or you're in the process of building, as many are, there is no tariff, OK? If for some reason you say you're building and you don't build then we go back and add it up, it accumulates and we charge you at a later date. You have to pay, and that's a guarantee.' It's hard to think which companies a new chip tariff would apply to, as most major chipmakers already have at least some small commitment to US manufacturing. Taiwan's TSMC, which accounts for the vast majority of leading-edge chips and drew Trump's ire as a result, announced a $100 billion investment back in March. Or, perhaps, is Trump threatening tariffs on the makers of products that use chips rather than the makers of chips themselves? Apple isn't exactly a chipmaker, after all; it does design its own chips but relies on companies like TSMC to actually make them. It's also possible that Trump won't enact this particular tariff at all. After previously threatening tariffs on chips in January and February, the Trump administration excluded them from tariffs come April. Trump did not say when new chip tariffs might happen. Trump's new general reciprocal tariffs on dozens of countries go into effect tomorrow, August 7th. In July, AMD CEO Lisa Su revealed that TSMC's US-made chips would cost it an extra 5 to 20 percent more than ones made overseas. Posts from this author will be added to your daily email digest and your homepage feed. See All by Sean Hollister Posts from this topic will be added to your daily email digest and your homepage feed. See All News Posts from this topic will be added to your daily email digest and your homepage feed. See All Policy Posts from this topic will be added to your daily email digest and your homepage feed. See All Tech
The Verge
27 minutes ago
- The Verge
Another 'tea' app is reportedly leaking users' personal information.
Posted Aug 6, 2025 at 10:20 PM UTC Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates. Lauren Feiner Posts from this author will be added to your daily email digest and your homepage feed. See All by Lauren Feiner Posts from this topic will be added to your daily email digest and your homepage feed. See All News Posts from this topic will be added to your daily email digest and your homepage feed. See All Privacy Posts from this topic will be added to your daily email digest and your homepage feed. See All Security Posts from this topic will be added to your daily email digest and your homepage feed. See All Tech
