Microsoft knew of SharePoint server exploit but failed to effectively patch it
LONDON (Reuters) - A security patch released by Microsoft last month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software that had been identified in May, opening the door to a sweeping global cyber espionage operation.
It remains unclear who is behind the ongoing operation, which targeted around 100 organisations over the weekend. But Alphabet's Google, which has visibility into wide swathes of internet traffic, said it tied at least some of the hacks to a "China-nexus threat actor".
The Chinese Embassy in Washington did not respond to a Reuters request for comment. Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies carrying out hacking operations.
Contacted on Tuesday, Microsoft was not immediately able to provide comment on the patch and its effectiveness.
The vulnerability that facilitated the attack was first identified in May at a hacking competition in Berlin organised by cybersecurity firm Trend Micro, which offered cash bounties for the discovery of computer bugs in popular software.
It offered a $100,000 prize for "zero day" exploits - so called because they leverage previously undisclosed digital weaknesses - that could be used against SharePoint, Microsoft's flagship document management and collaboration platform.
A researcher working for the cybersecurity arm of Viettel, a telecommunications firm operated by Vietnam's military, identified a SharePoint bug at the event, dubbed it 'ToolShell' and demonstrated a method of exploiting it.
The researcher was awarded $100,000 for the discovery, according to a post on X by Trend Micro's "Zero Day Initiative". A spokesperson for Trend Micro did not immediately respond to Reuters' requests for comment regarding the competition on Tuesday.
Microsoft subsequently said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix it.
Around 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug affected: SharePoint servers.
"Threat actors subsequently developed exploits that appear to bypass these patches," British cybersecurity firm Sophos said in a blog post on Monday.
The pool of potential ToolShell targets remains vast.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
The Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, put the number at a little more than 9,000, while cautioning that the figure was a minimum.
The owners of those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.