Microsoft knew of SharePoint server exploit but failed to effectively patch it
LONDON (Reuters) -A security patch released by Microsoft last month failed to fully fix a critical flaw in U.S. tech giant's SharePoint server software that had been identified in May, opening the door to a sweeping global cyber espionage operation.
It remains unclear who is behind the ongoing operation, which targeted around 100 organisations over the weekend. But Alphabet's Google, which has visibility into wide swathes of internet traffic, said it tied at least some of the hacks to a "China-nexus threat actor".
The Chinese Embassy in Washington did not respond to a Reuters request for comment. Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies carrying out hacking operations.
Contacted on Tuesday, Microsoft was not immediately able to provide comment on the patch and its effectiveness.
The vulnerability that facilitated the attack was first identified in May at a hacking competition in Berlin organised by cybersecurity firm Trend Micro, which offered cash bounties for the discovery of computer bugs in popular software.
It offered a $100,000 prize for "zero day" exploits - so called because they leverage previously undisclosed digital weaknesses - that could be used against SharePoint, Microsoft's flagship document management and collaboration platform.
A researcher working for the cybersecurity arm of Viettel, a telecommunications firm operated by Vietnam's military, identified a SharePoint bug at the event, dubbed it 'ToolShell' and demonstrated a method of exploiting it.
The researcher was awarded $100,000 for the discovery, according to a post on X by Trend Micro's "Zero Day Initiative". A spokesperson for Trend Micro did not immediately respond to Reuters' requests for comment regarding the competition on Tuesday.
Microsoft subsequently said in a July 8 security update that it had identified the bug, listed it as a critical vulnerability, and released patches to fix it.
Around 10 days later, however, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit: SharePoint servers.
"Threat actors subsequently developed exploits that appear to bypass these patches," British cybersecurity firm Sophos said in a blog post on Monday.
The pool of potential ToolShell targets remains vast.
According to data from Shodan, a search engine that helps to identify internet-linked equipment, over 8,000 servers online could theoretically have already been compromised by hackers.
The Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, put the number at a little more than 9,000, while cautioning that the figure was a minimum.
Those servers include major industrial firms, banks, auditors, healthcare companies, and several U.S. state-level and international government entities.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
10 minutes ago
- Yahoo
Pittsburgh man tells Dave Ramsey he wants to marry his girlfriend of 8 months — but balked when she suggested a prenup
Mike, 36, from Pittsburgh called into The Ramsey Show for advice on his relationship's next steps. He told Dave Ramsey, 'I want to propose to my girlfriend, but we disagree on finances.' Mike quickly expanded that the couple discussed their potential future together — including his intention to combine their relatively similar assets — devolved when she requested a prenup in order to keep their finances separate. 'I see no reason for [the prenup],' said Mike. Dave Ramsey and Jade Warshaw agreed. 'So, you're not ready to propose,' said Ramsey. Don't miss Thanks to Jeff Bezos, you can now become a landlord for as little as $100 — and no, you don't have to deal with tenants or fix freezers. Here's how I'm 49 years old and have nothing saved for retirement — what should I do? Don't panic. Here are 6 of the easiest ways you can catch up (and fast) You don't have to be a millionaire to gain access to this $1B private real estate fund. In fact, you can get started with as little as $10 — here's how Getting on the same page before marriage Mike recently sold a piece of land and will walk away from the deal with $180,000. He's made a budget and plans to use those funds to pay down the mortgage on his own home and be mortgage-free within four years. As they've gotten more serious, Mike broached a conversation about his intention to combine their finances in the future. Eventually, once they potentially marry, he wants to buy a bigger home with his now-girlfriend. His girlfriend, who owns a rental property of her own, doesn't want to combine finances at all, even though their assets are similar and she doesn't come from a wealthy family. Instead, she wants the prenup to outline individual assets and keep their money separate. In fact, she represents 50% of American adults who are open to prenups and hers would represent one in five marriages that actually have one, if she were to go through with getting it. However, after learning the couple has only been together around eight months, Ramsey advised against jumping into an engagement right away. 'You've got some more work to do on this relationship before it becomes a marriage.' Ramsey pointed out that, 'The number one cause of divorce in North America is disagreements over money.' With that sobering statistic in mind, Ramsey suggested the couple get on the same page about money before taking things any further. According to Ramsey, disagreements about money generally reflect a deeper misalignment of values, which is important to work through before getting married. 'I think you scared her,' said Ramsey. She might not be ready to combine her finances due to other fears, particularly around completely trusting a spouse with combined finances. 'What it sounded to me like what she was dealing with was fear-based and it wouldn't have mattered who the guy was,' said Warshaw. But when considering marriage, Mike and his girlfriend still have work to do. Read more: Want an extra $1,300,000 when you retire? Dave Ramsey says — and that 'anyone' can do it Financial red flags that can predict a breakup Financial disagreements can put strain on any relationship. In fact, a recent survey from the New York Post found that 32% of Americans are uncomfortable discussing finances in their relationship. And 44% worry that discussing finances with their partner will lead to disagreements. If you cannot openly discuss finances with your partner, it's often a red flag. When sharing your life with someone, the ability to openly dialogue about big picture issues, including money, is critical. When a partner actively avoids talking about finances, it can put an ongoing strain on your relationship. After all, anytime you need to make a household money decision, the lack of communication could quickly lead to an issue. In Mike's relationship, Dave already spotted one financial red flag: this couple has mismatched goals. Mike wants to pay off debt and interweave their finances. In contrast, his girlfriend wants to keep her assets protected, just in case. This pre-made exit strategy represents a red flag in Ramsey's eyes. Another potential red flag is when your partner hides financial information from you (the extreme end of this is financial infidelity). While you might not talk about money on your first date, you'll want to put your cards on the table as the possibility of marriage enters the relationship and as managing shared finances becomes a part of the equation. If one or both partners can't bring themselves to share their financial situation, it could represent an impasse for the relationship. And it can take multiple conversations and time to work through this new chapter together in a thoughtful and strategic way. Another issue can be being on different timelines. For example, wanting to be mortgage-free by 45 while another individual is okay with delaying this milestone if it means travelling and enjoying life a little more. One option is to enlist the help of a pre-marriage counselor — a suggestion Ramsey made to Mike. Building a joint value framework together that both parties can agree on and make decisions with can help this couple step into their marriage with confidence and not fear. What to read next Robert Kiyosaki warns of a 'Greater Depression' coming to the US — with millions of Americans going poor. But he says these 2 'easy-money' assets will bring in 'great wealth'. How to get in now Accredited investors can now buy into this $22 trillion asset class once reserved for elites – and become the landlord of Walmart, Whole Foods or Kroger without lifting a finger. Here's how Rich, young Americans are ditching the stormy stock market — here are the alternative assets they're banking on instead Here are 5 'must have' items that Americans (almost) always overpay for — and very quickly regret. How many are hurting you? Stay in the know. Join 200,000+ readers and get the best of Moneywise sent straight to your inbox every week for free. This article provides information only and should not be construed as advice. It is provided without warranty of any kind. Sign in to access your portfolio
CNBC
12 minutes ago
- CNBC
Bank of America says these five stocks have more room to run ahead of earnings
Bank of America said this week it sees a host of companies that are well positioned ahead of earnings. Analysts named stocks like Amazon that have compelling valuations or expected catalysts as quarterly reporting season continues. Other buy-rated names it cited include: Anheuser-Busch InBev, Oddity Tech , Bilibili and AppLovin. Oddity Tech The global beauty tech platform is firing on all cylinders, the firm wrote. Analyst Anna Lizzul praised the company's "innovative" digital offering in a recent note and says it has a wide moat for growth. "With the vast majority of its sales direct-to-consumer (DTC) we see ODD at a strategic vantage point to grow with this rise," she wrote. The firm also raised its price target to $80 per share from $68 in advance of the company's earnings report on Aug. 4. "We see ODD well positioned to benefit from the beauty category increasingly moving to online sales as consumers' preferred purchasing channels shift," she went on to say. Shares are up 64% this year. Bilibili Analyst Miranda Zhuang is standing by shares of the China-based online video platform. Bank of America recently attended an investor day and came away feeling even more constructive on the stock. "Management highlighted strategies centering on high-quality content, AI empowerment to content and monetization, long-lifecycle games," she wrote. Zhuang raised her price target on the stock to $27 per share from $25 citing the company's second-quarter earnings report in mid-August as yet another positive catalyst for the stock. "We reiterate our Buy rating given Bilibili's unique platform value proposition, long growth runway, and benefits from AI," Zhuang said. Bilibili shares are up 28% this year. Anheuser-Busch InBev Shares of the alcoholic beverage giant have plenty more room to run, according to the firm. The company is scheduled to report its second-quarter earnings on July 31. "Volume in Q2 will likely be held back, again, by China and the US, but we expect continued margin expansion in Q2, supporting +5.6% organic EBITDA growth," analyst Andrea Pistacchi wrote. However, despite the possible volume decline, the firm says there's plenty of other positive catalysts. "One of the main areas of focus for Q2/H1 results will be share buy backs," he said. Meanwhile, shares of the company are up almost 40% this year. "We continue to like ABI, as one of the most reliable staples compounders," he went on to say. Oddity Tech "An innovative consumer tech platform, ODD utilizes proprietary technology to provide consumers with product recommendations. We see ODD well positioned to benefit from the beauty category increasingly moving to online sales as consumers' preferred purchasing channels shift. ... With the vast majority of its sales direct-to-consumer (DTC) we see ODD at a strategic vantage point to grow with this rise." Bilibili "Management highlighted strategies centering on high-quality content, AI empowerment to content and monetization, long-lifecycle games. ... We reiterate our Buy rating given Bilibili's unique platform value proposition, long growth runway, and benefits from AI. ... We expect 2Q ad business to benefit from good ad spend from ecommerce campaigns and the digital products category." Anheuser-Busch InBev "Volume in Q2 will likely be held back, again, by China and the US, but we expect continued margin expansion in Q2, supporting +5.6% organic EBITDA growth. .... One of the main areas of focus for Q2/H1 results will be share buy backs. ... We continue to like ABI, as one of the most reliable staples compounders." AppLovin "APP remains top pick under coverage. We see big upside to CY26 EBITDA expectations, with this print potentially prompting upward revisions; the vast majority of investors we spoke with appear to exclude both a continued managed service onboarding ramp, and a major self-serve ramp in CY26." Amazon "Expect retail beat, AWS growth in focus for 2nd half. ... We think Amazon's focus on the customers and the buyer experience is right for the Internet. We think Amazon is well positioned to capitalize on the global growth of eCommerce and other secular trends such as cloud computing, online advertising and connected devices." Read more.
Forbes
12 minutes ago
- Forbes
FBI Confirms Phantom Hacker Warning For All Android And iPhone Users
Beware the Phantom Hacker, FBI warns smartphone users. When the FBI issues a public service advisory, you'd be well advised to take note, in my never humble opinion. Whether the subject of that cybersecurity alert is an attack on routers, the latest ransomware threat warning, or involves a password-stealing, 2FA bypass. Of particular note, however, are the FBI warnings that relate specifically to smartphone users, given how ubiquitous the things are now. The latest has just been posted to the X, formerly known as Twitter, social media platform by the FBI Los Angeles, which warns that a series of phantom hacker attacks can see smartphone users losing their life savings. Here's what you need to know and do. The FBI Phantom Hacker Warning A July 15 posting to X, by the official FBI Los Angeles account, served to remind all smartphone users, be they of the Android or iPhone persuasion, to beware of so-called Phantom Hackers scams. These are the FBI warning outlined, 'where cyber criminals use a 3-prong attack against victims using tech support, financial institution, & government impersonation scams simultaneously.' The payout, if successful? Your life savings. That posting actually references a much older threat, one that was first flagged by the FBI public service announcement, alert number I-091223-PSA, way back in September 2023. Nothing, however, has changed since then, and the fact that the FBI has seen fit to bring the scam back into the public consciousness now should be all the warning that you need to take it very seriously indeed. So, what is a Phantom Hacker scam? Simply put, the FBI explained that the attack layers 'imposter tech support, financial institution, and government personas' in an effort to engender trust in the victim as well as to 'identify the most lucrative accounts to target.' Should you be on the end of such an attack, the FBI warned, victims face 'the loss of entire banking, savings, retirement, or investment accounts under the guise of protecting their assets.' The three-phase attacks comprise: The FBI has requested victims should report these activities to their local FBI field office and the FBI IC3 at
