Latest news with #RCE
Fast Company
01-08-2025
- Fast Company
How your org can avoid being a victim of the next 'SharePoint'
Few cybersecurity threats generate as much alarm as remote code execution, or RCE. This type of flaw allows an attacker to run malicious code on someone else's device—no physical access required. It's a chilling scenario: a hacker, potentially halfway across the world, gains the ability to infiltrate systems, steal data, or disrupt operations. What makes RCE vulnerabilities so dangerous isn't just the immediate impact—it's the unknown consequences that can follow. In just a matter of days, a recently disclosed RCE vulnerability in Microsoft SharePoint, the enterprise platform many companies rely on to store and share internal documents, sent shockwaves of concern throughout organizations, leaving many searching for answers as to what they need to know and how they can protect themselves and their customers. Why did this thing get so big so fast? The SharePoint vulnerability received a severity score of 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), which is a standardized framework used to assess and prioritize security flaws. A score that high signals a critical risk, meaning affected organizations should apply the available patch immediately. The extreme severity, paired with SharePoint's widespread use in enterprise environments, helped the threat (and the headlines) spread rapidly. When an attack of this scale occurs, it's natural to look for something or someone to blame. Outdated or neglected systems are often among the first to be blamed in cybersecurity, but in this case, legacy infrastructure wasn't the issue. SharePoint is actively maintained, and a patch was already available. The challenge was that security teams typically don't know what's vulnerable until a flaw is publicly disclosed—and from there, it becomes a race to assess risk and apply the fix before attackers can take advantage. Protecting company secrets The SharePoint RCE vulnerability is a reminder that protecting sensitive information starts with controlling who has access to it. One of the simplest ways to keep intruders out is by using multi-factor authentication—the process of confirming your identity with more than just a password. Yes, it can be a hassle to enter a code from your phone, but that small extra step makes it much harder for attackers to break in. SharePoint comes with built-in tools that let organizations control who can see and edit files. But those tools only work if they're used wisely. For example, not every employee needs access to every document. Keeping sensitive files limited to just the people who need them helps reduce the risk if someone does manage to sneak into the system. It's also important to watch for unusual behavior—small signs that something might be wrong. If someone's account suddenly tries to access files they don't normally use, logs in from an unfamiliar location or gets blocked repeatedly when trying to open restricted content, those are red flags. Many organizations use tools like Security Information and Event Management (SIEM) platforms and user and entity behavior analytics (UEBA) to catch these early warning signs. SIEM tools help security teams monitor activity across the network, while UEBA uses patterns and data to flag behavior that's out of the ordinary. Together, they can help stop an attack before it causes serious damage. Now what? Incidents like the SharePoint vulnerability highlight just how quickly a virtual flaw can turn into a real-world problem—exposing sensitive data, disrupting operations and shaking trust. These events offer organizations a moment to revisit the fundamentals: making sure employees know how to recognize phishing attempts, limiting who has access to critical documents and using safeguards like multi-factor authentication to keep intruders out. But the real key is consistency. Cybersecurity has to be built into the culture of the organization. That means clear policies, ongoing awareness, and fast action when something feels off. The companies that fare best in the face of threats like RCEs aren't always the biggest or most high-tech—they're the ones that stay alert, respond quickly and prioritize cybersecurity as an essential part of the business.
Al Etihad
22-07-2025
- General
- Al Etihad
Abu Dhabi taps youth in mission to turn climate intention into action across GCC
SARA ALZAABI (ABU DHABI) With the UAE capital officially recognised as a centre of expertise for environmental education and sustainability, the Environment Agency – Abu Dhabi (EAD) is determined to transform eco-awareness into tangible community action – and the youth would be driving force in this mission. In a first for the GCC, Abu Dhabi recently secured membership in the United Nations University (UNU) network of Regional Centres of Expertise (RCEs) on Education for Sustainable Development (ESD). The EAD is spearheading this regional mission. Speaking to Aletihad, Ahmed Baharoon, Executive Director for Environmental Information, Science, and Outreach Management at EAD, explained Abu Dhabi's priorities as RCE: 'The Regional Centre of Expertise in Abu Dhabi (Abu Dhabi - RCE) focuses on bridging the gaps in addressing the diverse environmental challenges facing the region, including climate change, biodiversity loss, and pollution.' 'This initiative directly contributes to SDG 4.7 by building knowledge and skills for sustainable development, and supports SDG 13.3 by enhancing education and capacity-building on climate change, encompassing policy, conservation, and technological solutions,' he added. The goal is to link education with concrete climate action, Baharoon said, and empowering the youth - the future environmental stewards - is central to achieving this. 'To ensure the RCE's relevance and impact, the youth must play a central role - through advisory boards, leading initiatives, and active participation in decision-making. Their ideas, energy, and unique perspectives are vital to tackling sustainability challenges,' he said. The youth has already made a mark. The youth-led 'Generation Restoration', for example, has helped shape Abu Dhabi's road map during 2024 World Environmental Education Congress. Their voice and insights will remain crucial in the centre's development. The RCE's establishment marks only the beginning of Challenge 6.3 under the UNEP Action Plan for the Decade of Ecosystem Restoration. Empowering 'Generation Restoration' through youth-focused curricula (for ages 10–16 and 16+) and 5,000 collaborative partnerships would be a key measure of success. Baharoon outlined clear markers that would indicate the RCE's success over the next five years. '[These] include achieving a significant increase in community engagement in sustainability initiatives; realising measurable positive impacts on local environmental conditions; the development and dissemination of innovative educational resources and programmes; and the establishment of strong, collaborative partnerships across various sectors,' he said. Shaping Eco Lifestyles As it reaches out to the community, Abu Dhabi – RCE aims to drive climate action by offering field-based learning, tapping into cultural knowledge, and promoting behavioural change. EAD's naha platform will play a key role in supporting this mission. Available online, naha serves as an environmental lifestyle guide, providing a single access point to EAD's initiatives. 'Through 'my naha', users receive a personalised climate lifestyle journey, accessible 24/7, with a special emphasis on engaging younger generations,' according to information on The naha platform is more than a digital tool, Baharoon said. 'It is a central hub for collaboration and learning, offering interactive modules, workshops, and forums to engage stakeholders in advancing sustainability. It underpins the RCE's work by making its resources widely accessible across the region.' Scaling impact across the GCC is another priority for the RCE, Baharoon said, 'Starting with our Abu Dhabi initiatives, we will support the Ministry of Education at the UAE level, and make our online platforms naha and e-GREEN regionally accessible.' A Greener Future Looking ahead, Baharoon said the RCE recognition will 'elevate Abu Dhabi's standing to become a key driving force in transformative learning and climate action'. 'It will attract increased investment towards environmental initiatives and provide a strong platform to adopt innovative environmental education initiatives, exchange best practices, and foster collaboration across government, NGOs, and the community,' he added. In the future, the EAD official sees the Abu Dhabi – RCE 'expanding its network of partners, deepening its engagement with local communities, and developing innovative programmes that address emerging sustainability challenges'. 'This includes a greater focus on areas such as climate change adaptation, nature-based solutions, the circular economy, biodiversity conservation, and sustainable urban development,' he said.
Forbes
08-07-2025
- Entertainment
- Forbes
Call Of Duty Hacked — What Gamers Need To Know
Call of Duty:WW11 Hacked — What gamers need to know When you hear the words remote code execution, you either go blank or think of a vulnerability that can let a hacker take control of your system. What you don't do, I am willing to bet, is think of your favorite first-person shooter game. Yet for fans of Call of Duty: WWII, RCE has taken center stage as the game is pulled from Game Pass just days after being added, as hackers use the vulnerability to attack. Here's what we know so far. Call Of Duty: WWII RCE Hack Attacks Every now and then, the worlds of gaming and cybersecurity collide. Be it because Counter-Strike 2 skin-hackers have attacked, graphics card vulnerabilities hit the headlines, or those searching for game cracks on YouTube find themselves in the hacker crosshairs. The latest warning comes as Activision pulls Call Of Duty: WWII from Game Pass just days after it arrived, following reports of players being hacked using a remote code execution vulnerability and ceding control of their systems to attackers. I have approached Activision and Microsoft for a statement regarding the Call of Duty: WWII security situation, and will update this article should one be forthcoming. To date, the only official word has come from a very brief posting to X, the social media platform formerly known as Twitter, which stated: 'Call of Duty: WWII on PC Microsoft Store was brought offline while we investigate reports of an issue.' Players of the 2017 Call of Duty game have, Malwarebytes reported, seen hackers using the RCE vulnerability to 'gain remote access to other players' computers during games.' Once this access was achieved, such things as opening command prompts and forcing the shutdown of those machines occurred, alongside the sending of messages using Notepad and changing wallpaper to pornographic imagery. FEATURED | Frase ByForbes™ Unscramble The Anagram To Reveal The Phrase Pinpoint By Linkedin Guess The Category Queens By Linkedin Crown Each Region Crossclimb By Linkedin Unlock A Trivia Ladder 'This vulnerability is particularly alarming because it not only allows hackers to disrupt gameplay,' Pieter Arntz , senior malware intelligence analyst with Malwarebytes, said, 'it has the potential to compromise gamers' entire PCs remotely.' Gamers playing Call of Duty: WWII on their PC via Microsoft Store or Game Pass are advised to cease until there is more clarity regarding the RCE security issue.
Time of India
04-07-2025
- Time of India
The entire Call of Duty World War 2 RCE hack controversy explained
Image via Activision. It's been not a great start for Call of Duty World War 2 on the Xbox Game Pass. Players have been reporting about their systems being attacked by severe RCE hacks, compromising the whole machine. Call of Duty World War 2 became a part of the highly popular subscription service on June 30, making it the fourth available CoD title in Xbox Game Pass, after Black Ops 6, Modern Warfare III, and Warzone. But no CoD fan could ever imagine in their worst nightmares what would happen next. Call of Duty World War 2 gets hit by RCE hackers after being added to Xbox Game Pass Call of Duty World War 2 was one of the most successful titles in the entire franchise. There is no doubt that fans became immensely happy after the game became available on Xbox Game Pass. But what happened next was utterly shocking. There have been several reports from the fans that after downloading the game from Game Pass, their system got seriously exploited by Remote Code Execution (RCE) hackers. In one instance, the hackers even went on to take control of the whole computer of a user and opened up the notepad in it to communicate with him. This is actually one of the most conercing and shocking incidents in the gaming world ever. No one would imagine how serious the consequences of RCE hacking can become. This is actually a type of cyberattack where the targeted machine or server gets compromised after remotely executing some arbitrary codes on them. These malicious codes usually consist of scripts, binaries, and commands to make the system vulnerable. As Call of Duty World War 2 is an eight year old game, it needed some proper security layers before being added to Game Pass. As the time goes by, the hackers are becoming more and more advanced. So, to cope up with them, serious anti-cyber attack measures should be implemented in older titles if those are going to be made available on modern platforms. As of now, there has been no official response yet from either Activision or Microsoft regarding this RCE massacre. Until some official hotfix arrives, players are strictly advised to stay away from downloading Call of Duty World War 2 from Xbox Game Pass. Yes, players who have the original game purchased previously can play the game without any hassle. It's still unclear how deep the hackers have dug into Xbox Game Pass and Call of Duty World War 2, so an official explanation of the whole situation is the need of the hour right now. A few days ago, some older Call of Duty titles got sudden updates , speculating a potential entry into the Xbox Game Pass. However, after this severe attack on CoD WW2, those titles seem even more unlikely to be featured in the popular subscription system. Read More: After consoles and games, Microsoft may increase price of Xbox Game Pass For real-time updates, scores, and highlights, follow our live coverage of the India vs England Test match here . Game On Season 1 continues with Mirabai Chanu's inspiring story. Watch Episode 2 here.
New Straits Times
24-06-2025
- Business
- New Straits Times
RCE Capital impairments to stay above RM30mil as civil servant bankruptcies rise
KUALA LUMPUR: RCE Capital Bhd's impairment provisions to stay above RM30 million in the financial year 2026 (FY26), as civil servant bankruptcies rise and the fallout from the "Op Sky" fraud probe continues to ripple through its loan book. CIMB Securities said while there are initial signs of moderation in impairment provisions, "management cautions it is too early to call a normalisation trend", adding that impairments in FY26 are likely to remain well above historical averages. The group's impairment losses surged to RM15 million in the fourth quarter ended March 31, 2025 (4QFY25), up 79.2 per cent quarter-on-quarter, bringing total impairment losses for the year sharply higher. The spike was attributed to increased financing disbursements, updated macro assumptions, and scam-related impairments linked to the Malaysian Anti-Corruption Commission's "Op Sky" investigation. The probe uncovered a syndicate that allegedly helped blacklisted civil servants obtain loans using forged documents. As of May 27, about RM1.96 million, or 0.1 per cent of RCE's financing portfolio, was identified as exposed and has been fully impaired. Adding to the pressure is the government's "second chance policy", which allows individuals to voluntarily declare bankruptcy in exchange for financial rehabilitation. Impairments related to bankruptcy jumped 115.2 per cent year-on-year in FY25. Consequently, CIMB Securities said RCE's non-performing financing (NPF) rose to RM95.5 million in 4QFY25, up 14.7 per cent from a year earlier, lifting its NPF ratio to 4.6 per cent, above its historical range. The firm has revised down its earnings forecasts for RCE by up to 6.1 per cent for FY26 to FY28 and lowered its dividend discount model-based target price to RM1 from RM1.23. The brokerage reiterated a "reduce" call on the stock. RCE has begun phasing out the use of the Accountant General's Department (AGD) as a salary deduction intermediary due to less favourable commercial terms, including a newly imposed five per cent profit rate cap on personal financing. Instead, the group will channel all new disbursements through its subsidiaries, Corewealth Alliance Dynamic Sdn Bhd and RCE Marketing Sdn Bhd, both of which use Angkasa's payroll deduction platform. "This transition enables RCE to retain a secure and efficient collection channel while redirecting some cost savings that were previously incurred as AGD's upfront fee. "It allows more flexible product offerings, such as competitive profit rates, cash rebates or value-added features," said CIMB Securities. RCE closed at RM1.18 on Monday, valuing the company at RM1.75 billion. The stock has declined 15.4 per cent over the past year and currently trades at a price-to-book ratio of two times, a premium to the sector average of one time. Looking ahead, the company expects a modest recovery in loan growth, supported by phased civil servant salary hikes introduced in December 2024 and January 2026. However, CIMB Securities cautioned that borrowing capacity among civil servants may already be stretched amid rising living costs and debt levels. "Coupled with intensifying competition from digital lenders like TnG Digital, Grab and Shopee, RCE's growth prospects remain constrained," it said.
