Latest news with #Mandiant
Yahoo
2 hours ago
- Business
- Yahoo
Microsoft Corp (MSFT) Patches SharePoint Vulnerability amid Global Havoc
Microsoft Corporation (NASDAQ:MSFT) is one of the best 52-week high stocks to buy now. On July 21, the software giant released a patch for a vulnerability that affected the servers of the SharePoint document management software. The patch addressed a loophole that hackers used to breach the networks of governments, businesses, and other organizations worldwide and steal sensitive information. The revelations were highlighted by representatives from two cybersecurity firms, CrowdStrike Holdings and Google's Mandiant Consulting. Microsoft announced it had released security patches for customers to apply to their SharePoint servers to mitigate active attacks targeting on-premises servers. It has also confirmed it is working on rolling out others. The company has faced a series of cyber-attacks amid warnings that Chinese hackers were targeting remote management tools and cloud applications. Microsoft Corporation (NASDAQ:MSFT) is a technology company that develops, licenses, and supports software, services, devices, and solutions. It's best known for its operating systems, such as Windows, productivity software like Microsoft 365, and gaming consoles like Xbox. It also provides cloud computing services, hardware devices, and various other online services. Disclosure: None. This article is originally published at Insider Monkey.


CNA
20 hours ago
- Politics
- CNA
Commentary: As cyber threats grow, Singapore walks a careful line on identifying state actors
SINGAPORE: The recent disclosure that a cyber threat group, identified as UNC3886, was attacking critical infrastructure in Singapore took many by surprise. The announcement was made by Coordinating Minister for National Security and Minister for Home Affairs K Shanmugam during a speech at the 10th anniversary of the country's Cyber Security Agency (CSA) last Friday (Jul 18). He warned that Singapore was actively dealing with a "highly sophisticated threat actor" capable of conducting espionage and "major disruption to Singapore and Singaporeans". UNC3886 has been described by Google-owned cybersecurity company Mandiant as a group with a China nexus. Understandably, the Chinese embassy in Singapore was dissatisfied that UNC3886 was described as being linked to China. One question that may intrigue readers more was why the minister did not link UNC3886 to a particular country. Was this a perfunctory attempt to publicly attribute a cyber threat, or was it a policy decision by Singapore based on careful strategic calculations? In his announcement, it was apparent that Mr Shanmugam deliberately focused on only naming the threat group, rather than directly pointing to any country. When he was asked the following day about UNC3886's alleged links to China, he said this was "speculative". "What Mandiant does is what Mandiant does ... Who they (UNC3886) are linked to and how they operate is not something I want to go into," he said.

TECHNICAL VS POLITICAL ATTRIBUTION

Past cases suggest that when it comes to cyberattacks, Singapore prefers technical attribution over political attribution. The former is based on forensic evidence of tactics, while the latter is based on intelligence to name and shame a country. Without direct state attribution, it is often the media and analysts who examine potential links and broader implications as part of their reporting and analysis.
For example, when Singapore telecommunications company Singtel disclosed a malware attack in November 2024, it was a Bloomberg report that attributed it to Volt Typhoon, a group allegedly sponsored by China. Similarly, when Singapore blocked roughly 100 social media accounts for circulating disinformation in July 2024, including those linked to a right-wing group created by former Donald Trump adviser Steve Bannon, it made no mention of the United States. During peacetime, technical attribution offers a more pragmatic way to deter cyber threats. Cyberspace is a complex environment, and non-state threat groups, which may or may not act at the behest of a state, are the dominant actors there. This method allows authorities to expose threat groups without directly shaming the country from which they may be operating. Arguably, not shaming the country where the threat group operates from could risk emboldening future attacks and invite scrutiny from security partners who expect transparency. More importantly, it may make public education about the seriousness of cyber threats more challenging. The public may not understand the full context, for example, of the motivation or geopolitical implications of an attack.

WHY NAMING WITHOUT SHAMING

While Singapore avoids attributing cyber threats to specific states, naming and shaming is the preferred approach for many Western countries and some of their Asian allies, particularly those that view China as a preeminent threat. For countries not directly involved in adversarial relations or those that pursue a foreign policy of non-alignment, it may be more prudent to deter cyber threats without exacerbating geopolitical animosity. The cost of escalation may be too high a risk to bear. Moreover, it remains debatable whether naming and shaming helps to curb cyber threats in a meaningful way. In Singapore's context, there could also be other plausible strategic considerations.
First, Singapore is a cosmopolitan country made up of locally born citizens, naturalised citizens and foreigners. Social cohesion is the glue that keeps its people together and maintains communal harmony. Publicly identifying another country as a threat carries the risk of fuelling racism and xenophobia, including Sinophobia. For example, in 2021, the fear that the Singapore-India Comprehensive Economic Cooperation Agreement (CECA) posed a threat to the livelihood of citizens raised the ugly head of xenophobia. Second, there is an observable trend in which Western cybersecurity companies often attribute cyber threat groups to China following incidents involving Western digital networks. Even if there is forensic evidence to link these groups to China, these companies often hold contracts with the US government, creating both commercial and political incentives to focus blame on China. If Singapore is seen as endorsing these companies' attributions, it risks creating the impression that Singapore has shifted its foreign policy of non-alignment and is siding with the US in the strategic rivalry with China, which involves cyber contestation. Third, while Singapore and China may have differing views on certain issues, both countries at the political level are keen to deepen their bilateral relations. During an official visit to Beijing in September 2024, Singapore Foreign Affairs Minister Vivian Balakrishnan described Singapore-China relations as a "very bright spot" in a more volatile and less predictable world. Such a world is even less black and white, and similar to dealing with the US tariff threat, countries must find a balance between resisting compulsion and promoting cooperation. It is prudent not to let one issue define the overall state of bilateral relations. Furthermore, Singapore is a member of the Association of Southeast Asian Nations (ASEAN), and China is a dialogue partner of ASEAN.
One essential area where ASEAN and China are cooperating is the signing of the ASEAN-China Free Trade Area (ACFTA) 3.0 in October 2025, aimed at building economic resilience. ASEAN countries, therefore, need to consider both national and regional interests. In the same vein, the overall state of bilateral relations - as well as factors such as motivation, attack impact and international law - would determine how Singapore responds to cyber threats originating from other countries. The world is witnessing a growing militarisation of cyberspace where countries in the West, Middle East and Asia are developing military cyber capabilities. Some may be more willing to conduct offensive cyber operations if their interests with Singapore diverge.

WHEN NAMING MIGHT BE NECESSARY

However, these considerations do not necessarily preclude non-aligned countries like Singapore from naming and shaming any country as a cyber threat actor should the situation justify it. A careful examination of what constitutes Singapore's most vital national interests may provide insight into how and when such a shift in posture might occur. Plausible scenarios could include external military threats operating in both physical and cyberspace domains, as well as a cyberattack that is not for espionage purposes but creates a disruptive impact that endangers the lives of people in Singapore. For example, imagine a scenario where Singapore faces military coercion and concurrently a cyberattack by a state-linked threat actor that shuts down the digital infrastructure and electrical systems of hospitals nationwide, resulting in deaths. These are extreme scenarios that, hopefully, Singapore will never have to deal with but must prepare for in the unlikely event that they occur.


The Verge
2 days ago
- Business
- The Verge
A senator is trying to find out how secure US telecom networks are after a major hack.
Posted Jul 23, 2025 at 8:28 PM UTC by Lauren Feiner

Senate Commerce Committee Ranking Member Maria Cantwell (D-WA) is hunting for answers about the state of US telecom network security after the Salt Typhoon hack first reported late last year. The attack was so massive that US officials encouraged Americans to use encrypted apps to prevent their conversations from being seen by hackers. Cantwell is asking digital forensics firm Mandiant to hand over assessments behind AT&T and Verizon's claims that their networks are now secure.

Cantwell letter to Mandiant


Axios
3 days ago
- Axios
Chinese hackers targeting SharePoint flaw for weeks, Microsoft says
At least three China-based hacking teams have been exploiting a previously unknown flaw in Microsoft SharePoint since at least July 7, the company said in a blog post.

Why it matters: Microsoft and security researchers didn't uncover the vulnerability until this past weekend, leaving thousands of customers exposed to potential nation-state hacking.

Driving the news: Microsoft said in a blog post Tuesday that it's observed three China-based hacking teams — two of which are based within the Chinese government — attempting to break into companies' networks using the SharePoint flaw. Microsoft tracks those groups under the names Linen Typhoon, Violet Typhoon and Storm-2603. Each cybersecurity company has its own naming convention for hacking teams based on its own internal data and telemetry. Google's Mandiant also said Monday that it has observed at least one China-backed group targeting the SharePoint flaws, but that multiple threat actors have started getting involved.

Catch up quick: Over the weekend, Microsoft and several researchers warned about a new flaw in SharePoint servers that only affects those who use the technology on-premise, or on their own servers and not in the shared Microsoft cloud. The vulnerability could allow hackers to access content stored in SharePoint and execute code. Some experts also said they've seen hackers stealing machine keys when they break in, which would allow them to break back in even after the SharePoint flaw is patched. So far, victims have included the Education Department, national governments in Europe and the Middle East, universities, energy companies and an Asian telecommunications firm, according to news reports.

Zoom in: Linen Typhoon and Violet Typhoon are both government hacker teams that focus on espionage and stealing intellectual property, according to Microsoft. Storm-2603 takes a different approach and is known for stealing machine keys and deploying ransomware onto victims' devices. Microsoft says it's unclear what this hacking group's motives are. The Chinese Embassy did not immediately respond to a request for comment.


NBC News
3 days ago
- Business
- NBC News
Chinese hackers race to target Microsoft SharePoint vulnerability, tech giants say
A newly discovered critical flaw in Microsoft's SharePoint platform has spurred a mad frenzy from hackers — including some working for the Chinese government, Google and Microsoft say. The identities of which organizations have been hacked are still not public, but they are increasing and include multiple government agencies around the world, Charles Carmakal, the chief technology officer at Mandiant, Google's cloud security service, told NBC News. SharePoint works as a shared version of Microsoft Office, letting people in the same organization directly collaborate. The flaw in the software — initially classified as a 'zero day,' because there was not a patch for victims to defend themselves when it was first discovered — lets hackers gain significant access to the computers of organizations that host SharePoint. Cloud customers were not affected. Microsoft announced Saturday that the flaw was being exploited but only made a downloadable fix for it available Monday, prompting a scramble for organizations to patch it while capable hackers hurried to find additional victims who hadn't protected themselves. The incident echoes one in 2021, when a flaw in another Microsoft product, the email program Exchange, allowed a similar mad dash of hacking. In that case, the U.S. formally accused China of snooping on government emails, but a review board also blamed Microsoft for allowing it to happen. In a blog post published Tuesday morning, Microsoft said at least three Chinese hacking groups, two of which are associated with Chinese intelligence, have been exploiting the flaw. The U.S. government and its allies, as well as Western cybersecurity companies, routinely attribute cyber espionage efforts to China, which often downplays the accusations. A spokesperson for China's Embassy in Washington did not directly deny that Chinese intelligence has been using the exploit, but said, 'Cyber attacks are a common threat faced by all countries, China included.' 
'China firmly opposes and combats all forms of cyber attacks and cyber crime — a position that is consistent and clear,' the spokesperson said. Neither the White House nor the Cybersecurity and Infrastructure Security Agency, which protects U.S. federal networks, responded to a request for comment.