Latest news with #SatnamNarang


Techday NZ
22-07-2025
- Techday NZ
SharePoint zero-day flaw exploited as over 9,000 servers at risk
Cybersecurity experts have raised fresh alarms following reports of active exploitation targeting Microsoft SharePoint servers worldwide. The scale and sophistication of the attacks, which began to surface in detailed research at the end of last week, are causing concern among organisations that rely on the popular collaboration platform for critical information infrastructure.

The vulnerability at the centre of the incident, now assigned as CVE-2025-53770, affects a wide cross-section of SharePoint Server deployments. Research from Eye Security first brought attention to what it described as "active, large-scale exploitation," driven by a zero-day weakness identified within a pair of vulnerabilities collectively known as ToolShell. Successful exploitation allows attackers to extract the MachineKey configuration details from vulnerable servers - exposing both the validationKey and decryptionKey, which are crucial to securing authentication tokens and encrypted data.

This critical information, once in criminal hands, can be weaponised. As Satnam Narang, Senior Staff Research Engineer at Tenable, explained, "Attackers were able to exploit the flaw, now identified as CVE-2025-53770, to steal MachineKey configuration details from vulnerable SharePoint Servers. These details can be used by attackers to create specially crafted requests that could be used to gain unauthenticated remote code execution." Narang noted that the consequences for affected organisations may be severe, with broad implications for data integrity and security across industry sectors.

Indicators of compromise are already being circulated among security teams. Organisations are being urged to check for evidence of unauthorised access, with one telltale sign being the sudden creation of files named " on vulnerable servers, possibly under other extensions.

The scope of exposure is significant, with estimates suggesting over 9,000 externally accessible SharePoint servers are potentially at risk. These systems are deployed globally by enterprises, government entities, and a range of other organisations relying on SharePoint for document management and collaboration.

Patching efforts have commenced in earnest. Microsoft began distributing fixes late on 20 July, prioritising SharePoint Server 2019 and SharePoint Subscription Edition. A remedy for SharePoint Server 2016 remains pending but is expected imminently. Narang advised, "We strongly advise organisations to begin conducting incident response investigations to identify potential compromise; otherwise, apply the available patches and review the mitigation instructions provided by Microsoft."

Andrew Obadiaru, Chief Information Security Officer at offensive security firm Cobalt, warned that the speed and depth of zero-day exploitation leaves little margin for delay or complacency. "Zero-day vulnerabilities in widely deployed platforms like SharePoint are a goldmine for attackers because they provide immediate, scalable access to high-value environments.

"The challenge isn't just patching - it's that attackers typically implant persistence mechanisms within hours, ensuring long-term footholds. Defence strategies need to assume breach and validate controls through proactive testing, including red teaming and continuous pentesting, to uncover weaknesses before adversaries do. In today's threat landscape, reactive security alone is a losing game."

Obadiaru's remarks echo growing industry consensus that traditional perimeter defences are proving insufficient in the face of increasingly sophisticated and rapid cyber threats. Security teams are being encouraged to revisit their incident response and detection protocols, embracing a proactive security posture and preparing for the possibility that attackers may already be inside their networks.

For now, the advice from the security community is clear: immediate action is essential. Organisations are urged to initiate incident response processes, apply available patches without delay, and review configuration settings for any signs of compromise. Vigilance and proactive testing will be the defining factors in limiting the fallout from yet another high-profile zero-day targeting widely used enterprise software.


Indian Express
22-07-2025
- Business
- Indian Express
Microsoft SharePoint hack: CERT-In flags ongoing threat, follow these steps to secure your systems
CERT-In, India's nodal cybersecurity agency, has flagged multiple vulnerabilities in Microsoft SharePoint Server that have been actively exploited by hackers to access sensitive user data or compromise systems through spoofing attacks. SharePoint Server 2019 and SharePoint Enterprise Server 2016, as well as the subscription edition of the platform deployed by organisations on-premises, have been affected in the hack, according to a CERT-In advisory issued on Tuesday, July 22, with a 'Critical' severity rating.

SharePoint is a web-based collaboration and document management platform developed by Microsoft. It allows organisations to create, manage, and share content and applications in a centralised environment. All end-user organisations and individuals using affected Microsoft SharePoint Server installations are at risk of unauthorized access to sensitive data, remote code execution, and potential disruption of services, the cybersecurity watchdog said.

'A remote attacker could exploit these vulnerabilities by sending specially crafted requests to the targeted system. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, access sensitive data, or perform spoofing attacks on the targeted system,' CERT-In said, adding that the vulnerabilities are being actively exploited in the wild.

CERT-In has published Vulnerability note on its website (22-07-2025) Multiple vulnerabilities in Microsoft SharePoint Server https:// — CERT-In (@IndianCERT) July 22, 2025

The warning comes a day after researchers on Monday, July 21, uncovered a sweeping cyber espionage operation targeting Microsoft server software that has resulted in at least 100 organisations being compromised, according to a report by Reuters. Most of the affected organisations are located in the United States and Germany, as per the Shadowserver Foundation, a California-based non-profit cybersecurity organisation.

Microsoft on July 19 issued an alert about 'active attacks' on self-hosted SharePoint servers. However, SharePoint instances run off of Microsoft servers were unaffected.

'Attackers were able to exploit the flaw, now identified as CVE-2025-53770, to steal MachineKey configuration details from vulnerable SharePoint Servers, which include both a validationKey and a decryptionKey. These details can be used by attackers to create specially crafted requests that could be used to gain unauthenticated remote code execution,' Satnam Narang, Senior Staff Research Engineer at Tenable, said in a statement to

It is not clear who is behind the ongoing 'zero-day' attack, which is a hack that is carried out by exploiting a vulnerability that was previously undisclosed. However, Google researchers have tied at least some of the hacks to a 'China-nexus threat actor.'

In response, Microsoft has rolled out security updates and CERT-In, in its advisory, encouraged customers to install them in order to address the vulnerabilities. According to Narang, organisations can find out if their systems have been compromised in the hack by searching for indicators such as 'a file created on the vulnerable servers called

In addition to applying the security updates, CERT-In suggested the following mitigation measures for affected organisations:

– Rotate the MachineKey values (ValidationKey and DecryptionKey) after applying the updates to invalidate any compromised credentials.
– Enable AMSI (Antimalware Scan Interface) integration in SharePoint to enhance detection of malicious activity.
– Deploy Microsoft Defender Antivirus or a compatible endpoint protection solution with updated signatures.
– Scan SharePoint directories (e.g., LAYOUTS folder) for unauthorized ASPX files such as
– Monitor systems for suspicious process activity such as spawning or
– Restrict external access to on-premises SharePoint servers where feasible until patched.
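One way to carry out the directory scan CERT-In recommends is to compare the live LAYOUTS folder against a copy from a trusted install and report ASPX files that are new or altered. This is an added example, not part of the article or of CERT-In's advisory; the baseline approach, the function names and the sample file names are assumptions, and the sample folders are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each .aspx file (relative, lower-cased path) to its SHA-256."""
    return {
        p.relative_to(root).as_posix().lower(): sha256_of(p)
        for p in root.rglob("*")
        if p.is_file() and p.suffix.lower() == ".aspx"
    }


def audit(live_root: Path, baseline: dict) -> dict:
    """Compare the live folder with a baseline taken from a trusted install."""
    live = build_baseline(live_root)
    return {
        "unexpected": sorted(set(live) - set(baseline)),
        "modified": sorted(k for k in live.keys() & baseline.keys()
                           if live[k] != baseline[k]),
        "missing": sorted(set(baseline) - set(live)),
    }


def demo() -> dict:
    """Constructed sample: trusted and live copies of a LAYOUTS-like folder."""
    with tempfile.TemporaryDirectory() as tmp:
        trusted, live = Path(tmp, "trusted"), Path(tmp, "live")
        for root in (trusted, live):
            (root / "15").mkdir(parents=True)
            (root / "15" / "start.aspx").write_text("<%@ Page %>stock page")
            (root / "error.aspx").write_text("<%@ Page %>error page")
        # Constructed deviations in the live copy: one new file, one edited file.
        (live / "15" / "Example-Added.ASPX").write_text("<%@ Page %>not in baseline")
        (live / "error.aspx").write_text("<%@ Page %>error page (edited)")
        return audit(live, build_baseline(trusted))


if __name__ == "__main__":
    for finding, paths in demo().items():
        print(finding, paths)
```

On a real server the baseline would be built from a patched install of the same SharePoint build, and anything reported as unexpected or modified is a lead for the incident response investigation, not a verdict.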


Tahawul Tech
13-02-2025
- Business
- Tahawul Tech
Love in the time of AI — Unveiling the dark side of digital romance
Stay vigilant as romance scams peak during Valentine's — Secure your online love and shopping this February

People are often blinded by love, but let it not blind you to the extent that you overlook red flags while making online purchases or shopping digitally on Valentine's Day. The surge in e-commerce activity attracts cybercriminals with scams such as phishing, counterfeit websites, and offers that seem too good to be true. It's crucial to verify the authenticity of websites, utilize secure payment methods, and restrict the personal information you share. Always check for reviews and ensure the website uses HTTPS for secure transactions. Being cautious of unsolicited emails and messages is essential to protect your identity and finances during this high-spend period.

Scams are stealing hearts and bank accounts

Be cautious not to 'swipe right' into a scam as Valentine's Day approaches. Researchers at Tenable Inc., the exposure management company, warn that romance scams continue to be the biggest consumer threat today. 'Many of these scammers operate from overseas and don't speak fluent English,' said Satnam Narang, senior staff research engineer at Tenable. 'AI helps them craft sophisticated, emotionally compelling messages that make their scams more believable and harder to detect.'

Romance scams affect people of all ages and backgrounds, but elderly individuals, former military personnel, and those seeking financial arrangements are among the most vulnerable. Scammers deploy various tactics, from impersonating service members using stolen photos to orchestrating fake 'sugar mummy and daddy' schemes, luring victims into fraudulent financial transactions. Others entice victims into adult video chats that require paid registrations, generating illicit profits in the process.

The most dangerous form of romance scam today is 'romance baiting,' previously known as pig butchering. In these long-term cons, scammers establish fake relationships to build trust before convincing their victims to invest in bogus cryptocurrency or stock platforms. This method has now overtaken other romance scams in terms of prevalence and financial impact. 'People have lost their life savings to romance scams, and it's heartbreaking,' said Narang. 'Victims are often blamed for falling for these schemes, but these scams are highly manipulative and exploit vulnerabilities that anyone could have.'

Recovering stolen funds is notoriously difficult, particularly when cryptocurrency is involved. To make matters worse, scammers often double down by targeting victims again, posing as recovery agents who promise to retrieve lost funds—for a fee.

Garth Braithwaite, GM Emerging Markets at Gigamon, said: 'Too often, we rely on big tech to handle security alone, but staying safe online is a shared responsibility. Each of us must stay alert: cybercriminals devote every moment to finding new ways to breach defenses, especially with the help of generative AI. We can't expect corporate training alone to solve this. People outside office walls rarely see such guidance, leaving many of them exposed. In a world where AI fuels sophisticated romance scams, how are tech companies using it to bolster dating platforms and shield users from new threats? Ultimately, personal awareness is as vital as any company measure.'

Top Technologies Hackers Would 'Love' to Target in 2025

Positive Technologies recently revealed the results of an analytical study into the key technology trends of 2024 and their projected impact on security. With Valentine's Day approaching, their experts identified five key areas that are driving technological advances or 'love interests' cybercriminals can't wait to woo.

Artificial intelligence (AI)

Positive Technologies predicts that the use of AI in cyberattacks will increase in 2025: AI will be used more frequently in vulnerability scanning tools, data analysis, text recognition, and social engineering tactics.

Blockchain and digital assets

In 2025, attacks on cryptocurrency holders are expected to increase, with new ways to trick users. Scams to steal digital currencies will become more common, making it harder to protect funds. Fraud schemes involving digital currencies aimed at stealing funds will also become widespread.

Internet of Things (IoT)

By 2025, the number of attacks on consumer and commercial IoT systems is expected to increase significantly, affecting everything from individual homes to entire cities.

Cloud technologies

The analysts predict that in 2025, cybercriminals will increasingly target cloud solutions for data theft and extortion. In September, Microsoft researchers reported an attack that compromised hybrid cloud environments. This campaign resulted in data exfiltration, persistent access to the affected infrastructure, and ransomware deployment. It targeted multiple sectors, including government, manufacturing, and transportation.

Autonomous vehicles

The digitalization of transportation systems is advancing rapidly: the market for autonomous vehicles will grow sixfold by 2032. At the same time, cyberattacks exploiting vulnerabilities in autopilots, sensors, and IoT gateways are on the rise.

As we move forward in 2025, software developers and IT companies are becoming primary targets of attacks. 'This year the effects of software supply chain attacks will likely become more apparent. In attacks on IT companies, we may see a rise in successful incidents, with attackers using compromised developer credentials for initial access. Supply chain attacks continue to be an acute challenge. According to our review of incident investigations, the proportion of attacks where a compromised contractor's network was used to gain initial access to a target organization has increased from isolated incidents (in 2021–2023) to 15% of all attacks in 2024,' said Ekaterina Snegireva, Senior Analyst at Positive Technologies.

Much of the protection of legitimate users of dating applications comes in the form of warnings suggesting they be mindful if a potential match may intend to scam them, showing a warning once at the start of a conversation thread providing resources on how to spot a potential scam forming.

Aaron Bugal, Field CTO APJ, Sophos, said: 'Given that many of these initial conversations are short with the scammer urging the victim to move off the dating platform – where protections could be applied – and onto messaging platforms uncontrollable by the dating application provider is a key telltale sign that something isn't right, and the user should exercise more caution around who they may be talking with. As such, AI could be adopted to help spot those initial 'lustful lures' on dating applications, especially around this time of year to help detect and weed out fraudulent matches – however, with many legitimate people looking for love and needing to put their best foot forward with a witty and catchy line, could be considered an unwanted advance by the AI.'

With romance scams becoming more sophisticated due to generative AI, tech companies are leveraging AI to enhance safety on dating platforms. AI-driven profile verification, such as video selfie checks, ensures authenticity and reduces fake accounts.

Ezzeldin Hussein, Regional Senior Director, Solution Engineering, SentinelOne, said: 'Deepfake detection tools help identify AI-generated images and videos used for deception. AI-powered content moderation analyzes interactions in real-time, flagging suspicious behavior and preventing scams before they escalate. Platforms also use machine learning algorithms to detect scam-like conversation patterns, alerting users to potential risks. Additionally, companies focus on user education, warning about AI-driven scams and encouraging vigilance. Security firms provide AI-powered scam detection tools to assess communication authenticity. By integrating these AI safety measures, dating platforms aim to safeguard users from fraudsters exploiting AI for deception, making online dating safer in an era where digital impersonation is becoming increasingly advanced.'

Research highlights the rise of AI-driven scams using chatbots and deepfake technology, urging vigilance and offering guidelines to identify fraud. AI-powered tools are being developed to detect scam patterns in messages, alerting users to potential threats. Reverse image search tools help verify online identities, reducing the risk of deception. Awareness campaigns share real scam cases to help users recognize warning signs. Educational content, scam detection tools, and real-time alerts are being integrated to equip users with the knowledge and resources to protect themselves. By promoting digital skepticism and safe online practices, these initiatives aim to prevent fraudsters from exploiting emotions and financial trust in online interactions.

Burcak Soydan, Managing Executive for Middle East at NTT DATA MEA, said: 'NTT DATA is actively addressing the surge in AI-driven fraud, including romance scams, by implementing several key initiatives. NTT DATA emphasizes the importance of user education in combating AI-enhanced scams. They advocate for increased awareness about the sophisticated tactics employed by fraudsters, such as the use of AI to create convincing fake profiles and communications.'

Soydan said that, recognizing the dual role of AI in both perpetrating and preventing scams, NTT DATA promotes the use of Explainable AI (XAI). XAI enhances transparency by making AI models more interpretable and accountable, allowing users to understand how AI systems arrive at their decisions. This approach helps in identifying and mitigating biases, thereby reducing the risk of AI being exploited for fraudulent activities.