&w=3840&q=100)
SharePoint breach cast shadow on Microsoft's cybersecurity revamp
Battered by its role in several major hacks, the software giant in late 2023 vowed to overhaul its cybersecurity, in a project called the Secure Future Initiative. The April report noted significant advances, including fostering a 'security-first mindset' in employees and making strides in meeting engineering goals.
'Our progress will not be linear,' the report added.
It didn't take long to prove the company's point. On Tuesday, Microsoft accused three Chinese hacking groups, two tied to the government in Beijing, of exploiting flaws in SharePoint document management software as part of a global campaign that's targeted businesses and government agencies, including the US Department of Education.
Attackers have exploited the flaws since July 7, according to cybersecurity researchers.
The full extent of the damage isn't yet clear. The flaws apply to SharePoint customers who manage the software on their own networks, as opposed to on the cloud. That limits potential victims — though the number could still be significant given Microsoft's reach.
Roger Cressey, a former cybersecurity official under presidents Bill Clinton and George W. Bush, said errors at organizations as dominant as Microsoft have high stakes and changes are hard to make given its size.
'When you have one provider so omnipresent in our digital ecosystem, the blast radius of their mistakes is enormous,' said Cressey, a partner at Mountain Wave Ventures, whose clients include some Microsoft competitors. 'It's another reminder that Microsoft's failure on making security a priority is impacting our national and economic security.'
Microsoft quickly rolled out patches for the flaws, though it said in a blog post Tuesday that it had 'high confidence' that hackers would continue to use the flaws to attack unpatched SharePoint systems.
The intrusion is another public relations headache for a company trying to bolster its cyber defenses and reputation. Microsoft is the world's largest software vendor, making it a target for cyber-spies and criminals. It is also the biggest seller of cybersecurity products.
'As part of the Secure Future Initiative, we're focused on accelerating and strengthening our security incident response,' said Microsoft spokesman Frank Shaw. 'In this case, we acted quickly, delivering detailed customer guidance and releasing three new security updates within 72 hours to help protect against adversary attacks.'
There's little evidence that previous major cyberattacks tied to Microsoft have hurt the company's bottom line. Anurag Rana, a senior analyst at Bloomberg Intelligence, said it could even help Microsoft by convincing customers to move SharePoint to the tech giant's cloud, which he described as safer and cheaper in the long run.
What's less clear is what impact the latest breach will have on Microsoft's efforts to repair its cybersecurity credentials and appease long-term critics.
One of them, US Senator Ron Wyden, a Democrat from Oregon, said government agencies have become dependent on 'a company that not only doesn't care about security but is making billions of dollars selling premium cybersecurity services to address the flaws in its products.'
'Each hack caused by Microsoft's negligence results in increased government spending on Microsoft cybersecurity services,' Wyden said in a statement, when asked to respond to the SharePoint vulnerabilities. 'The government will never escape this cycle unless it stops rewarding Microsoft.'
In its April report, Microsoft described the Secure Future Initiative as an ambitious undertaking that would take years. For instance, out of 28 engineering objectives, five are nearing completion, 11 have made significant progress and Microsoft continues to work on the others.
'The threat landscape will continue to evolve, resulting in new vulnerabilities and security incidents,' according to the report. 'Technology will advance, creating new ways to improve security and new issues to address. Each of these is an opportunity to work with our customers and the industry to strengthen our collective defenses.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Mint
7 minutes ago
- Mint
Adani Group denies any collaboration reports with BYD and Beijing Welion New Energy Technology
Adani Group on Monday strongly refuted recent media reports suggesting any form of collaboration with Chinese companies BYD or Beijing WeLion New Energy Technology for battery manufacturing or clean energy ventures in India. In an official filing to the stock exchanges, Adani Enterprises Ltd — the flagship entity of the conglomerate — dismissed the report published by Bloomberg on August 4, 2025, which claimed that the group was exploring strategic partnerships with the two Chinese firms. 'No collaboration being explored,' says Adani Group 'We categorically deny Bloomberg's report suggesting a tie-up between the Adani Group and Chinese companies BYD and Beijing Welion New Energy Technology. This report is baseless, inaccurate and misleading,' the company said in its statement. The group clarified that it is not exploring any form of collaboration with BYD for battery manufacturing in India, nor is it in discussions with Beijing WeLion for any kind of partnership. Earlier in the day, Bloomberg reported that the Adani Group was in discussions with Chinese electric vehicle (EV) giant BYD to establish a battery manufacturing partnership in India. The potential tie-up, according to the report, was seen as part of Adani's broader strategy to expand into clean energy and lithium-ion cell production. As per the Bloomberg article, Gautam Adani was said to be personally steering the negotiations with BYD, with meetings reportedly taking place as recently as last week. The proposed collaboration aimed to support large-scale manufacturing of lithium-ion batteries, which are vital for both electric mobility and stationary energy storage systems. The report highlighted that Adani's existing dominance in solar power generation, combined with BYD's leadership in battery technology and its position as the world's largest EV seller, made them natural allies in the clean energy space. Bloomberg also pointed out that Chinese firms continue to lead in affordable and advanced rechargeable battery technology, a domain considered crucial for achieving Adani's ambitious green energy goals. Furthermore, the report suggested that these talks were still at an early stage and might not materialize. It also claimed that Adani was exploring similar partnerships with other Chinese renewable energy firms, including Beijing WeLion New Energy Technology, while keeping discussions open with European and South Korean battery manufacturers. However, Chinese players were reportedly offering the most attractive value-for-money proposition. While denying these alleged collaborations, the group reiterated its commitment to India's energy transition through its ongoing clean energy initiatives. Adani Group has built a substantial clean energy portfolio across solar, wind, and green hydrogen verticals. The group is currently expanding its solar module manufacturing capacity to 10 gigawatts (GW) per annum and plans to nearly double its wind turbine production capacity to 5 GW per annum. It is also actively pursuing the development of a facility for manufacturing electrolysers, a critical component used in green hydrogen production. Disclaimer: The views and recommendations made above are those of individual analysts or broking companies, and not of Mint. We advise investors to check with certified experts before making any investment decisions.
Indian Express
7 minutes ago
- Indian Express
What India can learn from the maritime prowess of the Cholas
By N Manoharan and Diya Parthasarathy In his recent public address at Gangaikonda Cholapuram, Tamil Nadu, Prime Minister Modi pointed out the legacy of the Cholas in various arenas, especially in the maritime domain. But one wonders what the larger context of the Cholas' maritime ventures was, and how relevant it is today. Understanding the Cholas' maritime ventures is necessary to realise India's maritime tradition. Acknowledging this, a decade back, the Centre released a stamp to commemorate the contribution of Cholas in laying 'a strong foundation for promotion of trade, commerce and cultural exchanges which brought fabulous economic prosperity and expansion of Indian culture and heritage across the Indian Ocean to the land of South East Asia.' The Indian Navy undertook the 'Chola Expedition' in 2008 to replicate the 'invasion' of Srivijaya kingdom (Sumatra, Southeast Asia) by Rajendra Chola I in 1017 CE. By comprehending maritime ventures during the Chola period, it is possible to understand the present Chinese ventures in the Indian Ocean under the garb of the Belt and Road Initiative. The Chinese indeed had trade connections, but not in the present form of economically tethering countries along the Maritime Silk Route. There were two main interlinked drivers for the Cholas' maritime projection: Mercantilism and military expansion. At the turn of the first millennium, the trade patterns witnessed a transformation from pre-emporia to emporia. Pre-emporia trade denoted shipping of goods directly from the source of production to the place of consumption. Whereas, the emporia trade pattern meant that several intermediate ports catered to the breaking up of bulk goods for retail sales and purchases. Coinciding with such a change in trade pattern was the rise of 'corporate empires' like the Cholas, the Srivijaya Empire, the Khmer Kingdom of Cambodia, Champa in Vietnam, and the Song Dynasty in China. Varieties of goods were traded among the ports of these regions that included metals, spices, perfumes, cosmetics, precious stones, textiles, and even animals like elephants and horses. Significantly, customs levied on these goods that transited through seas constituted a chunk of the coffers of corporate empires. Though such a financial network gave a kind of order in these 'corporate' empires, it also led to disputes among those empires that tried to arm-twist the transiting trading crafts to serve their economic and political interests. The dispute started when the Srivijayans became avaricious and imposed a high levy for the passage of goods carriers through Southeast Asia. The Cholas did not take it kindly and wanted to get away from the 'Malacca dilemma' posed by the Southeast Asian kingdom. The Srivijaya rulers were also trying to control the land crossing across Kra Isthmus. Rajendra Chola went on to occupy Malaysia to control the Malacca Straits and also acquired Java and Sumatra by defeating Sailendra rulers during his Digvijaya. As China emerged as a leading trading point and market, securing sea lanes of communication became imperative. The Chinese considered the Cholas ('Chulian' by the Chinese) as a 'first-class' trade partner. Chola kings wanted to send a clear message to the Chinese that they would not hesitate to use military options against the obstructing elements (both state and non-state) to ensure the free flow of goods. This 'choke point syndrome' pervades even today, although the Chinese are more worried now than the Indians were then. To achieve the above two objectives, the Cholas depended on a strong and well-organised navy that was built over a period of time. Kings used to get a good deal of their income from trade and could thus afford to maintain a large and powerful navy without exhausting their land revenue base. The Chola Navy consisted of an armada of ships that were constructed and used for trade purposes. According to historical records, the Chola armada comprised destroyers, frigates and battleships. Apart, they used colandia, large expeditionary vessels, and sangara, large oceangoing single log vessels, to transport troops and logistics. These ships had the capability and experience to travel long distances. Kattumarams were small boats of wood tied together to float in shallow waters and to move goods from large ships to shore, and also to make amphibious attacks. The Chola Navy also included a strong intelligence wing to track intrusion of foreign naval forces. The Chola seafarers mostly used winds, heavenly bodies and currents to sail across seas. The kings were said to have encouraged the study of astronomy, geography and cartography as part of their maritime expeditions. A specialised study on the science of shipping and ship-building was patronised and pursued. Apart from commercial and trade interests, there were larger politico-strategic and cultural drivers behind the maritime ventures of the Cholas. They had to prove their might both in peninsular India and in the maritime neighbourhood. They had to protect trade routes and traders of Tamilagam. It was, in fact, a matter of survival and pride. Also, as Saivites, they considered it their religious duty to carry Saivism beyond Indian shores. Such drivers are true in the present context as well. It is intriguing to note why the Cholas did not pay attention to West Asia and Africa as much as they focused on South and Southeast Asia. One wonders whether it was because of the quantum of direction of trade that was flowing mostly from the west to the east, or did the Cholas consider Africa and West Asia beyond their reach? This aspect needs a fresh enquiry. Manoharan is Director, and Diya is a Researcher at the Centre for East Asian Studies, Christ University, Bangalore
India.com
7 minutes ago
- India.com
Think Twice Before Taking Big Loans': Zoho Co-founder Sridhar Vembu On AI Impact And Declining IT Jobs
New Delhi: Sridhar Vembu, Chief Scientist and Co-founder of software major Zoho, on Monday warned students opting for huge education loans to think twice, as hiring has declined, particularly in the Information Technology (IT) sector owing to the AI surge. Vembu said that his company has also cut down on its hiring for new roles due to the impact of artificial intelligence (AI) and job automation, as IT giants like Tata Consultancy Services (TCS) and Microsoft are laying off thousands of employees amid AI transformation of job markets. 'A recent distress call: a student has taken about Rs 70 lakh ($80K) debt at 12 per cent to get a master's degree in a small college in the US. The problem is that the job scene in IT is bad, especially so for foreign students, and payments on the loan are starting soon,' Vembu wrote on the X social media platform. "I don't know what we could do in this situation because we have not been hiring much as we transform ourselves for the AI era. That caution in hiring is also because we have a policy of not resorting to lay-offs. I urge students and parents to be cautious in borrowing heavily to pursue degrees abroad and in India," Vembu added. He further stated that we should not trap young people in debt in the name of education. 'The only smart course is for prospective employers to fund training programs and for the industry to broadly accept such alternative credentials rather than ask for formal degrees. The best investment we make as a company is in training and skill development. I hope companies do this widely so we don't strand young people in debt," he added. In July, TCS had announced layoffs of around 12,000 employees — about 2 per cent of its global workforce, mostly at mid and senior levels. Microsoft has laid off 15,000 employees in 2025 while investing $80 billion in AI. Regular back-office tasks, software engineering, IT support, and other such roles were the main targets of layoffs. While TCS cited "skill mismatch" and difficulties in deploying certain roles, the timing and scale indicate that the wider adoption of AI and automation are driving the layoffs. India's IT industry association Nasscom has also highlighted that IT sector is at an 'inflection point,' calling for urgent upskilling, cross-skilling in AI-driven business skills.
