US warns about Microsoft SharePoint cyber vulnerability

The National, 21-07-2025
A cyber security vulnerability in Microsoft's SharePoint collaboration software has been added to the US Cybersecurity and Infrastructure Security Agency (Cisa) exploitation list as customers deal with the potential fallout.
Computer security experts say hackers have exploited the loophole and potentially compromised private and public computer networks in the US.
The individual or groups behind the software exploitation are not yet known.
'The incident reveals the growing sophistication of threat actors who have gained internal access to an environment and can now leverage existing resources (like Microsoft Exchange, SharePoint) to conduct nefarious missions beyond just ransomware attacks, like 'wiper' malware that deletes data,' said Morey Haber, a chief security adviser at cyber security company BeyondTrust.
Mr Haber said Microsoft appears to have responded quickly once the vulnerability in SharePoint was identified, but added that for some, it might be too little, too late.
'Considering the speed of exploitation, some organisations may be waking up Monday morning to a fresh series of attacks,' he explained.
The various editions of Microsoft SharePoint are also making it more difficult to provide a one-size-fits-all solution.
Microsoft pointed out that it released a security update for SharePoint 2019, and that other fixes would be on the way.
'We are actively working on updates for SharePoint 2016,' the Redmond, Washington software company posted on X.
Santiago Pontiroli, lead researcher at cyber protection company Acronis, shared some more perspective on the scale and effect of the cyber attack.
'This incident continues a trend of high-impact attacks against Microsoft infrastructure, including the Exchange mass exploitation in 2021 and the 2023 cloud email breach,' he said.
'Over the past several years, state-aligned and advanced persistent threat groups have repeatedly abused vulnerabilities in Microsoft platforms to gain initial access, steal sensitive data, and establish long-term footholds in enterprise networks.'
Microsoft does, however, invest heavily in trying to prevent such breaches from occurring.
Federal law enforcement agencies regularly work with the company and have a presence at the company's cyber crime centre in Redmond.
That said, Mr Pontiroli pointed out that cyber security is a continuing game of whack-a-mole, and that companies and entities using SharePoint should take it seriously.
'Organisations still running on-premises SharePoint need to act now,' he said. 'Apply the latest updates, monitor for signs of compromise, and assume exposure if systems were only partially patched.'