Microsoft server hack hit about 100 organizations, researchers say
Microsoft on Saturday issued an alert about "active attacks" on self-hosted SharePoint servers, which are widely used by organizations to share documents and collaborate within organizations. SharePoint instances run off of Microsoft servers were unaffected.
Dubbed a "zero-day" because it leverages a previously undisclosed digital weakness, the hacks allow spies to penetrate vulnerable servers and potentially drop a backdoor to secure continuous access to victim organizations.
Vaisha Bernard, the chief hacker at Eye Security, a Netherlands-based cybersecurity firm, which discovered the hacking campaign targeting one of its clients on Friday, said that an internet scan carried out with the Shadowserver Foundation had uncovered nearly 100 victims altogether - and that was before the technique behind the hack was widely known.
"It's unambiguous," Bernard said. "Who knows what other adversaries have done since to place other backdoors."
He declined to identify the affected organizations, saying that the relevant national authorities had been notified.
The Shadowserver Foundation confirmed the 100 figure. It said most of those affected were in the United States and Germany, and the victims included government organizations.
Another researcher said that, so far, the spying appeared to be the work of a single hacker or set of hackers.
"It's possible that this will quickly change," said Rafe Pilling, director of Threat Intelligence at Sophos, a British cybersecurity firm.
Microsoft said it had "provided security updates and encourages customers to install them," a company spokesperson said in an emailed statement.
It was not clear who was behind the ongoing hack, but Alphabet's Google, which has visibility into wide swaths of internet traffic, said it tied at least some of the hacks to a "China-nexus threat actor."
The Chinese Embassy in Washington didn't immediately respond to a message seeking comment; Beijing routinely denies carrying out hacking operations.
The FBI said on Sunday it was aware of the attacks and was working closely with its federal and private-sector partners, but offered no other details. Britain's National Cyber Security Center said in a statement that it was aware of "a limited number" of targets in the United Kingdom. A researcher tracking the campaign said that the campaign appeared initially aimed at a narrow set of government-related organizations.
The pool of potential targets remains vast. According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers. Shadowserver put the number at a little more than 9,000, while cautioning that the figure was a minimum.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
"The SharePoint incident appears to have created a broad level of compromise across a range of servers globally," said Daniel Card of British cybersecurity consultancy PwnDefend.
"Taking an assumed breach approach is wise, and it's also important to understand that just applying the patch isn't all that is required here." (Reporting by James Pearson and Raphael Satter; Editing by Nick Zieminski, Marguerita Choy and Leslie Adler)
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Khaleej Times
6 hours ago
- Khaleej Times
Pakistan says it's close to US trade deal, Washington gives no timeline
Pakistani Foreign Minister Ishaq Dar said on Friday the United States and Pakistan were "very close" to a trade deal that could come within days, but comments from the U.S. after Dar met with Secretary of State Marco Rubio mentioned no timeline. "I think we are very close to finalizing a deal with U.S. Our teams have been here in Washington, discussing, having virtual meetings and a committee has been tasked by the prime minister to fine-tune now," Dar said in a discussion at the Atlantic Council think tank in Washington. "It's not going to be months, not even weeks, I would say (just) days," he said. Under U.S. President Donald Trump, Washington has attempted to renegotiate trade agreements with many countries that he threatened with tariffs over what he calls unfair trade relations. Many economists dispute Trump's characterization. The U.S. State Department and Pakistan's foreign ministry, in separate statements after Rubio's meeting with Dar, said the two stressed in their discussion the importance of expanding trade and ties in critical minerals and mining. A post by Rubio on X after the meeting and the State Department's statement mentioned no timeline for finalizing a trade deal. The Pakistan foreign ministry also said Dar "appreciated the pivotal role" by Trump and Rubio "in de-escalating tensions between Pakistan and India by facilitating a ceasefire." The State Department statement did not mention India. Trump has repeatedly taken credit for the India-Pakistan ceasefire he announced on social media on May 10 after Washington held talks with both sides. India disputes Trump's claims that the ceasefire resulted from his intervention and trade threats. India's position is that New Delhi and Islamabad must resolve problems directly with no outside involvement. An April 22 militant attack in India-administered Kashmir killed 26 men and sparked heavy fighting between the nuclear-armed Asian neighbors in the latest escalation of a decades-old rivalry. India struck Pakistan on May 7 and the two nations exchanged hostilities, killing dozens across three days. The ceasefire was declared on May 10. New Delhi blamed the April attack on Pakistan, which denied responsibility and called for a neutral investigation. Washington condemned the attack but did not blame Islamabad.
Crypto Insight
10 hours ago
- Crypto Insight
Bitcoin ‘up year' is 2026, and the four-year cycle is dead: Bitwise
Bitcoin's price could see significant upside in 2026, bucking the traditional four-year market cycle, according to Bitwise chief investment officer Matt Hougan. The prediction comes as other analysts are divided on whether Bitcoin will stray from its historical pattern or follow the traditional halving cycle and peak in the coming months. Bitcoin may be in for a 'good few years,' says Hougan 'I bet 2026 is an up year,' Hougan said in an X video on Friday. 'I broadly think we're in for a good few years,' Hougan added. Hougan said the four-year halving cycle 'is dead' for several reasons, including the Bitcoin halving becoming 'half as important' every four years, and the interest rate cycle being positive for crypto. Since April, US President Donald Trump has been publicly pressuring Federal Reserve Chair Jerome Powell to cut interest rates, a potentially bullish catalyst for Bitcoin, as lower rates make traditional assets like bonds and term deposits less appealing to investors. Hougan also said the chances of significant price pullbacks have decreased as the industry gains more clarity on regulations. 'Blow-up risk is attenuated, due to improving regulation and the institutionalization of the space,' Hougan said. He said that given the ongoing regulatory process and the early stage of institutional adoption, Bitcoin likely has more upside in this cycle than historical trends suggests: 'The long-term pro-crypto forces will overwhelm the classic 'four-year cycle' forces, to the extent those exist, and that 2026 will be a good year.' Hougan said the most significant 'cyclical-style risk' for Bitcoin is the rise of Bitcoin treasury companies. 'Bears watching and is significant,' Hougan said. Asset manager VanEck recently echoed the same concern, warning that firms accumulating Bitcoin by issuing new stock or taking on debt are particularly vulnerable. VanEck said these companies might be overextended if Bitcoin's price falls sharply. Bitcoin more likely to see a 'sustained steady boom' However, Hougan forecasted that Bitcoin's price rally will be steady rather than aggressive in the short term. 'I think it's more 'sustained steady boom' than super-cycle,' he said. 'I could be wrong, and I'm certain there will be significant volatility,' he added. It comes only days after CryptoQuant CEO Ki Young Ju said the Bitcoin four-year cycle theory 'is dead.' 'My predictions were based on it — buy when whales accumulate, sell when retail joins. But that pattern no longer holds,' Ju said. 'Last cycle, whales sold to retail. This time, old whales sell to new long-term whales. Institutional adoption is bigger than we thought,' Ju added. However, not everyone says the pattern has changed. Crypto analyst Rekt Capital recently warned that Bitcoin may only have a few months of price expansion left in the cycle, especially if it follows the same historical pattern from 2020. Rekt explained that if the Bitcoin cycle follows the 2020 pattern, the market will likely peak in October, which is 550 days after the Bitcoin halving in April 2024. Source:
The National
13 hours ago
- The National
From beauty to gaming: How smart tech is quietly transforming accessibility
More than 1.3 billion people globally – about 16 per cent of the world's population – live with some form of disability, according to the World Health Organisation. That includes a broad range of physical, sensory, cognitive and age-related conditions. Among them, millions live with limited mobility or fine motor challenges, impairments that can make routine tasks like styling hair, applying make-up, or playing video games significantly more difficult. Innovative consumer technology is now helping people with disabilities gain more independence, confidence and control, often without being explicitly marketed as assistive. Tools from Dyson, L'Oréal, and Microsoft are leading a shift towards inclusive design, proving that innovation for the mainstream can also empower those at the margins. 'It's not about whether I can do something – it's about whether a product allows me to do it efficiently, independently and with the same experience as everyone else,' Jessica Smith, a disability advocate born without a left forearm, tells The National. An empowering styling tool Ms Smith has been using the new Dyson Airwrap i.d., a hair styling tool that uses sensors, airflow control and app-based settings to simplify the process of curling and drying hair. She says it's one of the few beauty tools that feels like it was made with people like her in mind. 'The ability to style hair with one hand more seamlessly is a game-changer,' she adds. 'It's exciting to see how it can support my routine.' According to Dyson, the product's accessibility benefits weren't part of the original design brief but emerged organically through efforts to make styling easier for all users. 'The brief was always to make styling and curling hair more convenient and easier for everyone, not necessarily catering to users with disabilities,' Low Chen Nyeow, associate design manager at Dyson Beauty, tells The National. The Airwrap i.d. connects to an app that automates different steps in the styling process, which is helpful for people with limited mobility. 'It removes the need for them to continually press the power button during the styling process as well as hold the cool shot button down,' Ms Nyeow said. In addition, the device's self-wrapping barrels and personalised presets cut manual efforts by users. 'Hair gets wrapped automatically, even without the user feeding a hair tress to the barrel,' she added. 'The personalised curling sequence simplifies usage and allows users to tailor their styling experience without needing to hold multiple buttons down.' Ms Smith said she hopes more companies follow Dyson's example, even if inclusivity isn't their starting point. 'Inclusion should be the standard, not an afterthought,' she says. 'Beauty and personal care are a huge part of people's confidence and self-expression, but for too long, brands have overlooked the needs of disabled consumers. That's how innovation truly meets our needs.' At Dyson, accessibility remains a vital area of continuing research. 'Although we do not have immediate plans to integrate voice or gesture controls into beauty tools, our research teams are investigating how emerging technologies could be incorporated in the future,' Ms Nyeow says. Growing market with untapped potential Assistive technology is a rapidly growing sector focused on enhancing the quality of life for people with disabilities or age-related limitations. It includes products, devices, and software that support users in performing everyday tasks, from communication and mobility to personal care and digital access. The global assistive technology market is projected to reach $41 billion by 2033, from $26.8 billion in 2024, according to market research company Imarc Group. Much of this growth comes from specialised companies focused on health care, mobility, and communication. For example, Sweden's Tobii Dynavox Global develops eye-tracking and speech-generating devices for people with neurological conditions. The US company Ekso Bionics develops wearable exoskeletons that enable individuals with paralysis or mobility impairments to walk again. Aira Technologies is another innovator, offering real-time visual assistance through smart glasses for people who are blind or visually impaired. Mainstream brands like Dyson, L'Oréal, and Microsoft are contributing to the space. Their consumer-first innovations, while not always designed with disability in mind, are proving to be inclusive by default, showing that accessible design can have the most significant impact when it's built for everyone. Innovative make up L'Oréal's HAPTA, an innovative lipstick applicator for people with limited hand or arm mobility, is an example. With its launch in January 2023 at the Consumer Electronics Show (CES) in Las Vegas, L'Oréal put inclusive design at the centre of innovation. The device uses sensors and gyroscopic technology to stabilise motion, helping users apply make-up without requiring a full range of movement. According to a company statement, HAPTA was developed to meet the needs of an estimated 50 million people worldwide who live with limited motor skills. This condition can make daily tasks, such as applying make-up, especially difficult. The hand-held applicator incorporates technology initially developed by Verily to stabilise utensils for people with mobility impairments, now adapted to beauty routines. 'Inclusivity is at the heart of our innovation and beauty tech strategy,' Barbara Lavernos, the company's deputy chief executive in charge of research, innovation, and technology said in a statement at the launch. HAPTA features customisable attachments and built-in smart motion controls to increase range of motion and ease of use. It features a magnetic rotating head that provides 360 degrees of rotation and 180 degrees of flexion, enabling users to save preferred positions for future use. 'With HAPTA, we are going one step further by making beauty more accessible to use because everyone should have equal access to it,' Françoise Lehmann, Lancôme global brand president, said at the time. Gaming for all In the gaming world, Microsoft's Xbox Adaptive Controller has become a leading example of how mainstream tech can deliver powerful accessibility. Designed for players with limited mobility, the device features oversized buttons and multiple input ports that connect to custom accessories, including foot pedals, switches, and sip-and-puff systems. These features enable users to personalise their gaming experience according to their physical needs. 'The goal of the Xbox Adaptive Controller is to remove that barrier. We strive to make Xbox the most accessible gaming platform on the market,' Microsoft said in its fact sheet on the device. 'The Xbox Adaptive Controller provides a much-needed, simple, and affordable solution for gamers with limited mobility.'
