Microsoft server hack hit about 100 organizations, researchers say
Microsoft on Saturday issued an alert about "active attacks" on self-hosted SharePoint servers, which are widely used by organizations to share documents and collaborate within organisations. SharePoint instances run off of Microsoft servers were unaffected.
Dubbed a "zero-day" because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organizations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign, opens new tab targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known.
"It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other backdoors."
He declined to identify the affected organizations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure and said that most of those affected were in the United States and Germany and that the victims included government organizations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
"It's possible that this will quickly change," said Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack. The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement, opens new tab that it was aware of "a limited number" of targets in the United Kingdom. A researcher tracking the campaign said that the campaign appeared initially aimed at a narrow set of government-related organizations.
The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy, PwnDefend.
"Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here."
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Independent
20 minutes ago
- The Independent
Woman said she was ‘Jesus sent to eliminate evil' after killing landlord and cat
For free real time breaking news alerts sent straight to your inbox sign up to our breaking news emails Sign up to our free breaking news emails Sign up to our free breaking news emails Email * SIGN UP I would like to be emailed about offers, events and updates from The Independent. Read our Privacy notice A woman said she was 'Jesus' and had been 'sent to eliminate evil from the world' after battering her 72-year-old friend to death and stabbing his pet cat in the neck, a court has heard. Habiba Naveed, 35, previously denied the murder of her landlord Christopher Brown, but pleaded guilty to his manslaughter. She also admitted causing unnecessary suffering to his cat Snow by stabbing him in the neck on or before August 15 last year. At a hearing at the Old Bailey on Thursday, Judge Sarah Munro KC imposed a hospital order under Section 37 of the Mental Health Act and a restriction order under Section 41 – meaning Naveed can be detained indefinitely. At the time of the offence, Naveed, who has been diagnosed with paranoid schizophrenia, was 'psychotic' – while her mental health had 'deteriorated' in the days preceding the attack, the court heard. Prosecutor Kerry Broome told the court Naveed believed she had connections to the royal family and was Diana, Princess of Wales and Dodi Fayed's daughter. After the attack, Naveed told her brother 'she was Jesus and had been sent to eliminate evil from the world', and later said to police 'the devil attacked me last night and I won,' Ms Broome said. The court heard Naveed had also told police she 'slept in coffins', and Jesus had raised her from the dead. The Metropolitan Police launched an investigation after Mr Brown's body was discovered under a dressing gown in the living room of the home he shared with Naveed in Polsted Road, Lewisham, south-east London. The house cat, Snow, was also found dead having been stabbed in the neck. Ms Broome said of a previous account of the attack given by the defendant: 'She believed she had seen the deceased kill his mother and that the deceased was evil.' 'She heard a voice telling her to kill him three times,' she said, adding that Naveed hit Mr Brown with a pan and then strangled him. 'She believed the evil spirit had jumped out of the deceased and into the cat.' 'She got a knife and she cut the cat's neck,' Mr Broome added. The pair had lived together at Polsted Road for several years, during which Mr Brown was persuaded to put the property, which he had inherited from his parents, in both his and Naveed's names, the prosecutor said. The house was refurbished and lodgers were taken in, which Naveed orchestrated, the court heard. In the days leading up to the attack, Naveed's family were concerned at the state of her mental health – leading them to call 111 and call an ambulance, the hearing was told. Sentencing, Judge Munro told the defendant: 'You attacked Chris between around 11pm and 11.50pm on August 14. 'You hit Chris a number of times to the head with a saucepan which broke in the process; you then sat on him breaking his ribs and strangled him. 'You then slit the cat's throat before leaving Chris covered in a dressing gown alone and dead or dying in the living room property where he was found by Mr Rizwan (a lodger) when he returned to the house at 2.15am on 15th. 'You left a bloodied knife with which you had cut the cat's throat nearby.' She added: 'The consultant forensic psychiatrist was of the view that the injuries fitted your account which shows that you were conscious of exactly what you were doing as you killed Chris.' The judge said two psychiatrists agreed on the diagnosis of paranoid schizophrenia and that Naveed had 'no insight' into her mental health, diagnosis or symptoms. Naveed repeatedly became aggressive during previous hospital admissions and had been off her proscribed medication for a year at the time of the killing, the court heard. The defendant was a frequent user of cannabis which exacerbates her symptoms but, did not cause her psychosis, according to psychiatrists, the judge said. Mitigating factors beyond Naveed's mental illness included her lack of any serious previous offending, while aggravating factors included her use of strangulation and a weapon, the judge added. A post-mortem examination found that Mr Brown, who was a lawyer, died from blunt force trauma. In a tearful statement, a colleague from Mr Brown's law firm told the hearing that the victim would have helped anyone if he could, adding that Naveed had taken away any 'future memories'. She said: 'He wasn't just a 72-year-old-man tragically killed by his housemate, he was a solicitor, a boss, a partner, a kind man.' In a statement read out by Ms Broome, Mr Brown's cousin described him as a 'kind and caring person' who would go out of his way to help his family and his clients. Naveed attended the hearing via video-link and only spoke to confirm her identity.
Auto Express
20 minutes ago
- Auto Express
Incoming Congestion Charge change is a £75 million 'cash grab'
Proposed changes to the London Congestion Charge are set to raise tens of millions of pounds per year, with electric car drivers set to bear the biggest burden. An Auto Express Freedom of Information request submitted to Transport for London uncovered that the removal of the EV exemption to the Congestion Charge is expected to generate as much as £75 million per year – or even more if the proposed changes to the Cleaner Vehicle Discount are not implemented. Advertisement - Article continues below Such changes mean that while EVs will, from 2 January 2026, be subject to the Congestion Charge, they will be able to receive a 25 per cent discount (50 per cent for vans and other LCVs) if registered through the TfL Auto Pay system. Nevertheless, if such changes to the CVD aren't implemented as planned, EV drivers would be forced to fork out the full amount, increasing the total amount paid by everyone to TfL to a startling £83 million. It doesn't end there, however, as TfL also plans to increase the daily Congestion Charge rate from £15 to £18 from the beginning of 2026; this, covering both electric and ICE cars, is forecast to rake in at least an additional £40 million over five years, rising to as much as £55million. Skip advert Advertisement - Article continues below Combined, and taking into account overlaps with the aforementioned inclusion of EVs, TfL says it expects Congestion Charge revenue to grow from £240 million in the financial year 2024/25, to £320 million in 2026/27, essentially stuffing an extra £80 million into Sadiq Khan's pockets per year. Talking to Auto Express, a spokesperson for the AA said the association is 'bitterly disappointed that TfL is now picking on EV drivers,' pointing out how the 'incentive to get more people into zero emissions vehicles has now been swallowed up in a general cash grab.' 'London has done next to nothing to provide a park-and-ride facility on the outskirts of the city, but is happy to implement a Congestion Charge that makes people think twice about driving in,' the AA explained. This comes soon after TfL implemented tolls for the Blackwall and Silvertown tunnels — something, figures suggest, has reduced traffic by roughly 5,000 drivers per day. The Department for Transport has also decided to increase the Dart Charge Dartford Crossing toll by £1 in September; Transport Secretary, Lillian Greenwood, said current traffic levels at the crossing 'are well in excess of [its] design capacity, causing delays, congestion and journey disruption to drivers on the M25 and a range of knock-on impacts for local communities'. Did you know you can sell your car through Auto Express ? We'll help you get a great price and find a great deal on a new car, too . Find a car with the experts MG4 and MGS5 EV prices slashed in reply to Government Electric Car Grant MG4 and MGS5 EV prices slashed in reply to Government Electric Car Grant In order to boost sales, MG is announcing its own a £1,500 grant for some of its EVs Roll over diesel: EVs are now doing the big mileage in the UK Roll over diesel: EVs are now doing the big mileage in the UK The average UK electric car now covers more than 10,000 miles per year, a similar amount to the average diesel. Dacia's baby EV due in 12 months with a tiny £15k price tag Dacia's baby EV due in 12 months with a tiny £15k price tag Dacia's new model will be developed in double-quick time, and it'll be built in Europe to avoid China tariffs
Reuters
21 minutes ago
- Reuters
Alphabet results take S&P 500, Nasdaq to record highs; Dow falls
July 24 (Reuters) - The S&P 500 and the Nasdaq hit record highs on Thursday as major technology stocks rose after megacap Alphabet's robust earnings, while the Dow was weighed down by losses in IBM, UnitedHealth, and Honeywell. At 11:33 a.m. ET, the S&P 500 (.SPX), opens new tab gained 15.92 points, or 0.25%, to 6,374.83 and the Nasdaq Composite (.IXIC), opens new tab gained 53.37 points, or 0.25%, to 21,072.20. Alphabet (GOOGL.O), opens new tab rose 1.9% after the Google parent raised its 2025 capital spending forecast by $10 billion to $85 billion, shrugging off trade jitters, and reinforcing investors' confidence in AI investments and returns. Shares of Microsoft (MSFT.O), opens new tab, Nvidia (NVDA.O), opens new tab and Amazon (AMZN.O), opens new tab were up between 0.9% and 1.7%. Losses in UnitedHealth (UNH.N), opens new tab, IBM (IBM.N), opens new tab and Honeywell weighed on the blue-chip Dow (.DJI), opens new tab, which fell 0.33% - though it remained close to its December 4 record high. UnitedHealth lost 3.7%. The insurer revealed it's cooperating with a Department of Justice probe into its Medicare practices, following reports of both criminal and civil investigations. IBM dropped 8% as its second-quarter results fell flat with investors, hampered by disappointing sales in its core software division. Honeywell, meanwhile, dipped 4.6% despite topping Wall Street's expectations and raising its annual outlook. Electric vehicle maker Tesla (TSLA.O), opens new tab tumbled 9%, as CEO Elon Musk warned of "a few rough quarters" due to cuts in EV incentives. The stock has fallen about 25% for the year so far. "Tesla was declining in terms of its core business, which is automobiles, prior to his (Elon Musk) political involvement," said Thomas Hayes, chairman at Great Hill Capital. "Deliveries were going down, demand was going down and he took his eye off the ball and now it's gone down a lot." On the trade front, an EU spokesperson hinted that a deal was "within reach"—one that could slap a broad 15% tariff on imports across the 27-member bloc, according to diplomats. Meanwhile, fresh signs of progress emerged after President Donald Trump struck an agreement with Japan, slicing tariffs on Japanese goods to 15%. China and South Korea are also scrambling to clinch their own deals and sidestep Trump's hefty duties. Some of Wall Street's heavyweights were starting to feel the sting of Trump's sweeping tariffs. American Airlines (AAL.O), opens new tab fell 9.2% after forecasting a bigger-than-expected third-quarter loss, hurt by sluggish domestic travel demand. The U.S. trade war has created the biggest uncertainty for the airline industry since the COVID-19 pandemic. Markets were also monitoring Trump's surprise visit to the Federal Reserve's headquarters later in the day, which followed months of the president criticizing Fed Chair Jerome Powell for not cutting interest rates. With the Fed widely expected to hold rates steady at next week's meeting, traders are now pricing in a 60.4% chance of a September rate cut, according to CME's FedWatch tool. The latest Labor Department report showed weekly jobless claims fell to 217,000—well below estimates—signaling continued resilience in the U.S. job market. U.S. business activity gained momentum in July, but companies hiked prices on goods and services—a move that's fueling economists' predictions of faster inflation in the months ahead, largely driven by rising import tariffs. Declining issues outnumbered advancers by a 1.56-to-1 ratio on the NYSE and by a 1.7-to-1 ratio on the Nasdaq. The S&P 500 posted 41 new 52-week highs and three new lows, while the Nasdaq Composite recorded 65 new highs and 24 new lows.
