Microsoft issues urgent patch as SharePoint exploit spreads globally: How to stay safe online
Over the weekend, Microsoft issued a critical security alert warning of 'active attacks' on on-premises SharePoint servers, widely used by organisations and government bodies to manage and share internal documents. Notably, the tech giant clarified that SharePoint Online, part of its Microsoft 365 cloud suite, was not affected by the exploit, which is being classified as a "zero-day" vulnerability, meaning it was previously unknown to cybersecurity professionals.
Rafe Pilling, Director of Threat Intelligence at British cybersecurity firm Sophos, indicated that evidence pointed towards a single entity executing the campaign. 'Based on the consistency of the tradecraft seen across observed attacks, the campaign launched on Friday appears to be a single actor. However, it is possible that this will quickly change,' Pilling noted. He highlighted the use of identical digital payloads across various targets as a significant indicator of a singular source.
While Microsoft confirmed that it had released security updates to address the flaw, the company urged users to install the patches without delay. However, cybersecurity experts caution that remediation may require more than just patch deployment.
Daniel Card, of the UK-based consultancy PwnDefend, warned that the scope of the attack suggested a broad level of compromise. 'The SharePoint incident appears to have created a broad level of compromise across a range of servers globally. Taking an assumed breach approach is wise, and it is also important to understand that just applying the patch is not all that is required here,' he said.
According to Shodan, a search engine that indexes internet-connected devices, over 8,000 SharePoint servers currently accessible online may have already been exposed to the exploit. These include systems belonging to prominent industrial companies, financial institutions, healthcare providers, auditors, and multiple U.S. state and international government organisations.
The identity of the attacker remains unknown. The US Federal Bureau of Investigation (FBI) acknowledged the incident on Sunday, stating that it was working alongside both federal partners and private sector entities to assess the situation.
Meanwhile, the UK's National Cyber Security Centre has yet to respond publicly.
The Washington Post reported that unidentified cyber actors had recently leveraged the SharePoint vulnerability to target both American and international agencies, suggesting the campaign could have extensive geopolitical ramifications.
(With inputs from Reuters)