Latest news with #SHAWNCHEN
Japan Today
22-07-2025
- Japan Today
What to know about a vulnerability being exploited on Microsoft SharePoint servers
By SHAWN CHEN Microsoft has issued an emergency fix to close off a vulnerability in Microsoft's widely-used SharePoint software that hackers have exploited to carry out widespread attacks on businesses and at least some U.S. government agencies. The company issued an alert to customers on July 19 saying it was aware of the zero-day exploit being used to conduct attacks and that it was working to patch the issue. Microsoft updated its guidance Sunday with instructions to fix the problem for SharePoint Server 2019 and SharePoint Server Subscription Edition. Engineers were still working on a fix for the older SharePoint Server 2016 software. 'Anybody who's got a hosted SharePoint server has got a problem,' said Adam Meyers, senior vice president with CrowdStrike, a cybersecurity firm. 'It's a significant vulnerability.' Companies and government agencies around the world use SharePoint for internal document management, data organization and collaboration. A zero-day exploit is a cyberattack that takes advantage of a previously unknown security vulnerability. "Zero-day" refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the exploit affecting SharePoint is "a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations with on-premise SharePoint servers.' Security researchers warn that the exploit, reportedly known as 'ToolShell,' is a serious one and can allow actors to fully access SharePoint file systems, including services connected to SharePoint, such as Teams and OneDrive. Google's Threat Intelligence Group warned that the vulnerability may allow bad actors to "bypass future patching.' Eye Security said in its blog post that it scanned over 8,000 SharePoint servers worldwide and discovered that at least dozens of systems were compromised. The cybersecurity company said the attacks likely began on July 18. Microsoft said the vulnerability affects only on-site SharePoint servers used within businesses or organizations, and does not affect Microsoft's cloud-based SharePoint Online service. But Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, warns that the exploit still leaves many potentially exposed to bad actors. 'While cloud environments remain unaffected, on-prem SharePoint deployments — particularly within government, schools, health care including hospitals, and large enterprise companies — are at immediate risk." The vulnerability targets SharePoint server software so customers of that product will want to immediately follow Microsoft's guidance to patch their on-site systems. Although the scope of the attack is still being assessed, CISA warned that the impact could be widespread and recommended that any servers impacted by the exploit should be disconnected from the internet until they are patched. 'We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response. An immediate, band-aid fix would be to unplug your Microsoft SharePoint from the internet until a patch is available,' Sikorski advises. © Copyright 2025 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.
Japan Today
09-07-2025
- Japan Today
Samsung unveils its new line of foldable devices at Unpacked
The new Galaxy Z Flip 7 is displayed during a Samsung preview event in New York, Monday, July 7, 2025. (AP Photo/Seth Wenig) By SHAWN CHEN Samsung introduced several updates to its foldable devices lineup on Wednesday, with the new Galaxy Z Fold 7, Z Flip 7, and the new Z Flip 7 FE taking stage at the latest Unpacked event. The Korean electronics company unveiled the upgrades — including new versions of their watch — in New York but also announced an expanded partnership with Google to inject more artificial intelligence into its foldable lineup. Here are the biggest announcements from this summer's Unpacked event: The Galaxy Z Fold 7 is much thinner and lighter than its predecessors, coming in at 0.17 inch thick when unfolded and less than half an inch folded. It also weighs slightly less than half a pound, an impressive feat considering the company also increased the total size of the screens from the Fold 6 — now 6.5 inches for the exterior screen and 8 inches for the interior screen. The battery capacity remains the same as the previous generation. But unlike previous generations of fold devices, this one doesn't support the company's digital stylus. A 200 megapixel camera will act as the main capture and a 10 megapixel camera that extends along the frame of the phone gives users the ability to quickly capture wide shots. The Fold 7 will retail starting at $1,999. Pre-orders start today, and the device will hit shelves on July 25. The flippable cousin of the Fold has an enlarged 4.1-inch top screen and the clamshell folds down to just over half an inch. The inner display grows to 6.9 inches from the Flip 6's 6.7 inches. It gets a slightly bigger 4,300mAh battery and maintains a 50 megapixel main camera and 10 megapixel front camera. A new, cheaper version of the phone, called the Galaxy Z Flip 7 FE was also announced today. It's a slightly smaller version — keeping the Fold 6's 6.7 inch screen size — of its premium counterpart. The Galaxy Z Flip 7 will retail for $1,099.99 and the Flip 7 FE starts at $899.99. Pre-orders for both devices began Wednesday and both will be available generally on July 25. The Galaxy Watch Ultra, Watch 8 and Watch 8 Classic have all been refreshed with various updates — memory, thickness, design — but the main takeaway from today's event is that Google's Gemini AI was being preloaded onto the devices. Users can access the AI by speaking to their watch. Rick Osterloh, Google's senior vice president of devices and services, appeared in a pre-recorded video at Unpacked to announce that the AI Mode of its search engine will be used in Samsung's circle to search function, allowing users to make quick queries by tapping or circling things on their screen. And Gemini will receive further integration with base Samsung device apps, like Calendar and Reminders. © Copyright 2025 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed without permission.
