SharePoint flaw exploited in hacks on agencies, firms: Microsoft
The software under attack is Microsoft's on-premise SharePoint Server, which is commonly deployed by organizations that manage their infrastructure. Microsoft clarified that its cloud-based SharePoint Online service within Microsoft 365 is not affected.
In a security advisory issued on July 19, the company described the threat as a "zero-day" attack, referring to the exploitation of a previously unknown software flaw. According to experts cited by The Washington Post, which first reported the breach, the flaw has been used in recent days to launch cyberattacks against U.S. and international government agencies and businesses. Tens of thousands of servers may be vulnerable.
"We've been coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners globally throughout our response," a Microsoft spokesperson said. "Security updates have been issued and customers should install them immediately."
The vulnerability allows an attacker with network access to perform "spoofing"—a type of deception in which a malicious actor impersonates a trusted entity. This technique can be used to manipulate systems, financial markets, or internal communications by masking the source of malicious activity.
The FBI confirmed over the weekend that it is aware of the ongoing attacks and is working with federal agencies and private-sector partners to investigate, though it provided no further details.
Microsoft said it is developing updates specifically for the 2016 and 2019 versions of SharePoint. Until those fixes are available, customers unable to implement Microsoft's recommended security configurations should consider disconnecting affected servers from the internet to limit exposure.
Spoofing attacks can be hazardous in environments like government networks or financial institutions, where trust in digital communications is paramount. Microsoft has provided detailed mitigation instructions for system administrators to secure their environments while patches are rolled out.
This incident is the latest in a string of cyber threats affecting critical infrastructure and enterprise tools. These often involve sophisticated attackers exploiting unpatched vulnerabilities before companies are aware they exist.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Malay Mail
a day ago
- Malay Mail
Chow Kon Yeow: Penang's RM296m ‘GBS By The Sea' hub fully occupied by global tech firms
GEORGE TOWN, Aug 2 — Penang continued to cement its status as a global business and technology hub with the official launch of 'GBS By The Sea', a landmark RM296 million development located in Technoplex Bayan Lepas. Penang Chief Minister Chow Kon Yeow hailed the project as a bold statement and a clear example of Penang's transition into a knowledge-based, innovation-driven economy. He said GBS By The Sea is the fourth project under the global business services (GBS) initiative, spanning 290,000 square feet (sq ft) of space. 'The GBS By The Sea facility is already fully occupied, with three global industry leaders, namely Advanced Micro Devices Global Services (AMD), Celestica Platform and Cloud Solutions Malaysia and the Microsoft Knowledge Capital Centre. 'These global companies are not only investing in Penang, but they are also creating over 1,000 quality jobs for our local talent in areas like research and development (R&D), engineering, digital services and more. These are the kind of high-value, future-ready jobs that we want for Penangites,' he said during the GBS By The Sea launching ceremony in Bayan Lepas today. Also present at the ceremony were State Infrastructure, Transport and Digital Committee chairman Zairil Khir Johari, Majlis Bandaraya Pulau Pinang (MBPP) Mayor Datuk A Rajendran and Penang Development Corporation (PDC) chief executive officer Datuk Aziz Bakar. Chow elaborated that the facility is not just a workplace but also equipped with a gym, cafeteria and a six-storey car park with 800 bays. He emphasised that GBS would play a vital role in Penang's next chapter, moving from being a manufacturing hub to becoming a knowledge-based and tech-forward economy. 'Projects like GBS By The Sea help us make that transition not just in words, but in real ways that matter to businesses and workers. 'With the announcement of 13th Malaysia Plan (13MP), which puts a strong focus on the transition to 'Made by Malaysia' and aims for higher growth and higher value creation, GBS By The Sea fits perfectly into this big picture — it's local, it's future-focused, and it brings value,' he said. Chow also announced that PDC is already working on its fifth GBS project, namely 'GBS at Technoplex', a RM500 million development offering over 400,000 sqft of space. He said that even though construction has not been completed, 16 per cent of the building has already been pre-booked by tenants, reflecting strong demand and high confidence in Penang's potential. — Bernama
The Star
2 days ago
- The Star
AI researchers are negotiating US$250mil pay packages. Just like NBA stars
SAN FRANCISCO: Over the summer, Matt Deitke got a phone call from Mark Zuckerberg, Meta's chief executive. Zuckerberg wanted Deitke, a 24-year-old artificial intelligence researcher who had recently helped found a startup, to join Meta's research effort dedicated to 'superintelligence,' a technology that could hypothetically exceed the human brain. The company promised him around US$125mil (RM534.7mil) in stock and cash over four years if he came aboard. The offer was not enough to lure Deitke, who wanted to stick with his startup, two people with knowledge of the talks said. He turned Zuckerberg down. So Zuckerberg personally met with Deitke. Then Meta returned with a revised offer of around US$250mil (RM1bil) over four years, with potentially up to US$100mil (RM427.8mil) of that to be paid in the first year, the people said. The compensation jump was so startling that Deitke asked his peers what to do. After many discussions, some of them urged him to take the deal – which he did. Silicon Valley's AI talent wars have become so frenzied – and so outlandish – that they increasingly resemble the stratospheric market for NBA stars. Young AI researchers are being recruited as if they are Steph Curry or LeBron James, with nine-figure compensation packages structured to be paid out over several years. To navigate the froth, many of the 20-somethings have turned to unofficial agents and entourages to strategise. And they are playing hardball with the companies to get top dollar, much as basketball players shop for the best deals from teams. The difference is that unlike NBA teams, deep-pocketed AI companies like Meta, OpenAI and Google have no salary caps. (Curry's most recent four-year contract with the Golden State Warriors was US$35mil/RM150mil less than Deitke's deal with Meta.) That has made the battles for AI talent even wilder. Over the past few weeks, recruiting AI free agents has become a spectacle on social media, much like the period before a trade deadline in sports. As Meta, Microsoft, Google and OpenAI have poached employees from one another, job announcements have been posted online with graphics resembling major sports trades, made by the online streaming outlet TBPN, which hosts an ESPN-like show about the tech and business world. 'BREAKING: Microsoft has poached over 20 staff members from DeepMind over the last six months,' read one recent TBPN post about Microsoft's hiring from Google's DeepMind lab. Jordi Hays, a co-host of TBPN, said that as tech and AI have gone mainstream, more people are following the recruitment fray 'the way our friends from college obsess over sports – the personalities, the players, the leagues.' On Wednesday, Zuckerberg said Meta planned to continue throwing money at AI talent 'because we have conviction that superintelligence is going to improve every aspect of what we do.' Superintelligent AI would not just improve the company's business, he said, but would also become a personal tool that 'has the potential to begin an exciting new era of individual empowerment.' A Meta spokesperson declined to comment. Deitke did not respond to a request for comment. The job market for AI researchers has long had parallels to professional sports. In 2012, after three academics at the University at Toronto published a research paper describing a seminal AI system that could recognise objects like flowers and cars, they auctioned themselves off to the highest corporate bidder – Google – for US$44mil (RM188.21mil). That kicked off a race for talent across the tech industry. By 2014, Peter Lee, Microsoft's head of research, was likening the market to that for up-and-coming pro football players, many of whom were making about US$1mil (RM4.28mil) a year. 'Last year, the cost of a top, world-class deep learning expert was about the same as a top NFL quarterback prospect,' Lee told Bloomberg BusinessWeek at the time, referring to a type of AI specialist. 'The cost of that talent is pretty remarkable.' The leverage that AI researchers have in negotiating job terms has only increased since OpenAI released the ChatGPT chatbot in 2022, setting off a race to lead the technology. They have been aided by scarcity: Only a small pool of people have the technical know-how and experience to work on advanced artificial intelligence systems. That's because AI is built differently from traditional software. These systems learn by analysing enormous amounts of digital data. Few researchers have experience with the most advanced systems, which require giant pools of computing power available to only a handful of companies. The result has been a fresh talent war, with compensation soaring into the hundreds of millions of dollars a year, from millions of dollars a year. In April, Zuckerberg – whose company was struggling to advance its AI research – dived in by sending personal messages to potential recruits, offering them larger and larger sums. His approach was similar to that of sports franchise owners, two Meta employees said. Even if the offers seemed absurd, if the new hires could help increase revenue by even half a percent – especially for a company that is closing in on a US$2 trillion (RM8.56 trillion) market capitalisation – it would be worth it, the people said. 'If I'm Zuck and I'm spending US$80bil (RM342.20bil) in one year on capital expenditures alone, is it worth kicking in another US$5bil (RM22.4bil) or more to acquire a truly world-class team to bring the company to the next level?' Hays said. 'The answer is obviously yes.' Meta's initial offers to engineers varied but hovered in the mid-tens of millions of dollars, three people familiar with the process said. The company also offered recruits something that was arguably more attractive than money: computing power. Some potential hires were told they would be allotted 30,000 graphical processing units, or GPUs, for their AI research, one of the people said. GPUs, which are powerful chips ideal for running the calculations that fuel AI, are highly coveted. Zuckerberg has hired with the help of the List, a document with the names of the top minds in AI, two people familiar with the effort said. Many on the List have three main qualifications: a doctorate in an AI-related field, experience at a top lab and contributions to AI research breakthroughs, one of the people said. The Wall Street Journal previously reported some details of the List. Some researchers on the List have created chat groups on Slack and Discord to discuss offers, two people in the groups said. When someone lands an offer, they can drop the details in the group chats and ask peers to weigh in. (AI is a tight-knit field where people often know one another.) They trade information about which companies to approach for another offer so they can build up their price, the people said. Working with friends can be just as important as the money. After a researcher joins a new lab, the first thing that person often does is try to recruit friends, two people familiar with the process said. The talent wars have started causing pain. OpenAI has changed its compensation structure to account for the shift in the market, employees at the company said, and is asking those approached by competitors to consult executives before immediately accepting offers. 'Are we countering? Yes,' Mark Chen, OpenAI's chief research officer, said at a company meeting this month, according to a recording reviewed by The New York Times. But he added that OpenAI had not matched Meta's offers because 'I personally think that in order to work here, you have to believe in the upside of OpenAI.' OpenAI declined to comment. (The Times has sued OpenAI and Microsoft, claiming copyright infringement in relation to news content related to AI systems. The two companies have denied the claims.) Not all of Meta's overtures have succeeded. The company has been rebuffed by some researchers, two people said, partly because Zuckerberg's vision for artificial intelligence was unclear compared to those at other companies. Still, the frenzy has allowed even little-known researchers like Deitke to chart their own destinies. Deitke, who recently dropped out of a computer science PhD program at the University of Washington, had moonlighted at a Seattle AI lab called the Allen Institute for Artificial Intelligence. There, he led the development of a project called Molmo, an AI chatbot that juggles images, sounds and text – the kind of system that Meta is trying to build. In November, Deitke and several Allen Institute colleagues founded Vercept, a startup that is trying to build AI agents, which can use other software on the Internet to autonomously perform tasks. With about 10 employees, Vercept has raised US$16.5mil (RM70.6mil) from investors such as former Google chief executive Eric Schmidt. Then came Deitke's back-and-forth with Zuckerberg. After Deitke accepted Meta's roughly US$250mil four-year offer, Vercept's CEO posted on social media, 'We look forward to joining Matt on his private island next year.' – © 2025 The New York Times Company This article originally appeared in The New York Times
The Star
2 days ago
- The Star
Microsoft in Brazilian antitrust regulator's crosshairs after Opera complaint
FILE PHOTO: A view shows the Microsoft logo on the day of the Hannover Messe, one of the world's largest industrial trade fairs, in Hanover, Germany, March 31, 2025. REUTERS/Fabian Bimmer/File Photo BRUSSELS (Reuters) -Brazil's antitrust enforcer CADE has opened an investigation into Microsoft, days after Norwegian browser Opera complained about Microsoft's Edge, according to a CADE statement published late Thursday on its website. Opera, in its complaint filed on Tuesday, alleged that Microsoft pre-installs Edge as the default browser across Windows devices and computers, thereby preventing rivals from competing on the merits of the products. Opera had 6.78% of the Brazilian desktop browser market in June versus Edge's 11.52% and market leader Google Chrome's 75%. CADE said it had opened an administrative inquiry and set an August 15 deadline for Microsoft to respond to Opera's allegations about its Windows operating system licences, the Microsoft 365 software and its Jumpstart programme. The Jumpstart programme allows Microsoft clients to build autonomous artificial intelligence agents for routine tasks, a move which could help the company monetise its billion-dollar investments in AI. Other Big Tech companies have similar tools. Microsoft did not immediately respond to emailed requests for comment. Opera has been complaining about its competitor since December 2007 when it took its grievance about the latter's internet Explorer browser bundled with its Windows operating system to the European Commission, resulting in a 561-million-euro ($640 million) fine for the U.S. tech giant. ($1 = 0.8764 euros) (Reporting by Foo Yun Chee;Editing by Elaine Hardcastle)
