
Latest news with #SharePointServer

Microsoft warns Chinese hackers targeting customers

Kuwait Times

24-07-2025

SAN FRANCISCO: Chinese state-sponsored hackers are actively exploiting critical security vulnerabilities in Microsoft's popular SharePoint servers to steal sensitive data and deploy malicious code, the US tech giant warned Tuesday. Microsoft said it has observed three threat groups (dubbed Linen Typhoon, Violet Typhoon, and Storm-2603) targeting internet-facing SharePoint servers using two newly disclosed vulnerabilities that allow attackers to bypass authentication and execute remote code.

SharePoint Server is Microsoft's collaboration and document management platform designed for businesses and organizations. Many large organizations use SharePoint as their primary platform for internal collaboration and for storing documents, and it is appreciated for working well with other Microsoft products like Office, Teams, and Outlook.

The attacks, which Microsoft said began as early as July 7, affect only on-premises SharePoint installations and do not impact the cloud-based SharePoint Online service, the company said in a security bulletin. Microsoft warned that it 'assesses with high confidence' that the threat actors will continue their assault against vulnerable systems where companies haven't taken the necessary precautions.

The vulnerabilities allow attackers to spoof authentication credentials and execute malicious code remotely on vulnerable servers. Microsoft has released comprehensive security updates to address the malware and urged customers to apply the patches immediately.

In their successful attacks, the Chinese hackers deployed malicious code that provides backdoor access to compromised systems. The attackers used these tools to steal machine encryption keys and maintain access to targeted networks.

Linen Typhoon, active since 2012, primarily focuses on intellectual property theft from government, defense, and human rights organizations. Violet Typhoon, operating since 2015, conducts espionage against former government officials, NGOs, think tanks, and media organizations across the United States, Europe, and East Asia. Storm-2603, which Microsoft assesses with 'medium confidence' to be China-based, has previously deployed ransomware but its current objectives remain unclear.

Research from cybersecurity company Check Point said the campaign began on July 7 against a major Western government and that the attacks intensified dramatically around July 18. Since then, researchers have confirmed dozens of compromise attempts primarily targeting organizations in North America and Western Europe, Check Point said in a blog post. –AFP

Google Chrome Security Warning — 19 Days To Update Deadline Issued

Forbes

24-07-2025

Update Google Chrome now.

With the cybersecurity world's focus firmly on Microsoft and the ongoing SharePoint Server hacking fiasco, you might have forgotten that another technology giant, Google, still has its own security problems. Yes, I'm talking about the Google Chrome web browser, and the latest brace of confirmed vulnerabilities. As well as the two new high-severity and highly concerning security issues impacting Chrome users, the Cybersecurity and Infrastructure Security Agency has referenced yet another already-exploited vulnerability, as it urges all users to update before August 12. Here's what you need to know and do.

Google Chrome 138 Security Update Confirmed

The Google Chrome browser is not unsafe. There, I've got that out of the way. Just because security vulnerabilities are discovered more often than spots on my back does not make Chrome insecure; there's a pretty strong argument to suggest the opposite. The fact that so many eyes are on the browser, that so many people find and disclose these vulnerabilities before threat actors do, can be interpreted as a good thing, as it means that Google can fix them. Sadly, that isn't going to cut the mustard with your average user who only sees that another security vulnerability has been found, another weakness that could lead to them being under attack.

The latest confirmation comes from Google Chrome's Srinivas Sista in a July 22 posting, with two security vulnerabilities, both given a high-severity rating, being found by external security researchers. CVE-2025-8010 and CVE-2025-8011 are both type confusion vulnerabilities in the Chrome V8 JavaScript engine. These are problematic, to say the least, as an exploit of the same could lead to the possibility of arbitrary code execution within the browser. As such, Google is rolling out an update to all users that takes Chrome to 138.0.7204.168/.169 for Windows, Mac and 138.0.7204.168 for Linux, across the coming days and weeks.

Don't delay, make sure you have updated today rather than waiting for it to reach you. Head for Settings|Help|About Google Chrome to kickstart the update process, and don't forget to relaunch the browser to activate the patched browser.

Google Chrome Update Deadline — 19 Days To Act

When it comes to the CISA warning that comes with an August 12 deadline to update the Google Chrome browser, this actually concerns an earlier vulnerability of the zero-day variety. Yep, one that is under active exploitation, hence the addition to the CISA Known Exploited Vulnerabilities catalog, which triggers a mandatory 21-day update deadline for certain Federal Civilian Executive Branch agencies. Now, don't go thinking that this has nothing to do with you or your organization if you fall outside of that mandatory remit, because you would be foolish not to heed the CISA advice. 'CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice,' the July 22 posting said.

I've said it before, and I will keep on saying it: do not wait, update Google Chrome and relaunch the browser whenever any security vulnerabilities have been confirmed. You know it makes sense.

SharePoint flaw exploited in hacks on agencies, firms: Microsoft

Malaysia Sun

23-07-2025

WASHINGTON, D.C.: Microsoft has warned of active cyberattacks targeting a widely used server software that allows businesses and government agencies to share documents internally. The company urged customers to apply critical security updates immediately to avoid exploitation.

The software under attack is Microsoft's on-premise SharePoint Server, which is commonly deployed by organizations that manage their infrastructure. Microsoft clarified that its cloud-based SharePoint Online service within Microsoft 365 is not affected.

In a security advisory issued on July 19, the company described the threat as a "zero-day" attack, referring to the exploitation of a previously unknown software flaw. According to experts cited by The Washington Post, which first reported the breach, the flaw has been used in recent days to launch cyberattacks against U.S. and international government agencies and businesses. Tens of thousands of servers may be vulnerable.

"We've been coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners globally throughout our response," a Microsoft spokesperson said. "Security updates have been issued and customers should install them immediately."

The vulnerability allows an attacker with network access to perform "spoofing"—a type of deception in which a malicious actor impersonates a trusted entity. This technique can be used to manipulate systems, financial markets, or internal communications by masking the source of malicious activity.

The FBI confirmed over the weekend that it is aware of the ongoing attacks and is working with federal agencies and private-sector partners to investigate, though it provided no further details.

Microsoft said it is developing updates specifically for the 2016 and 2019 versions of SharePoint. Until those fixes are available, customers unable to implement Microsoft's recommended security configurations should consider disconnecting affected servers from the internet to limit exposure.

Spoofing attacks can be hazardous in environments like government networks or financial institutions, where trust in digital communications is paramount. Microsoft has provided detailed mitigation instructions for system administrators to secure their environments while patches are rolled out.

This incident is the latest in a string of cyber threats affecting critical infrastructure and enterprise tools. These often involve sophisticated attackers exploiting unpatched vulnerabilities before companies are aware they exist.


SharePoint zero-day flaw exploited as over 9,000 servers at risk

Techday NZ

22-07-2025

Cybersecurity experts have raised fresh alarms following reports of active exploitation targeting Microsoft SharePoint servers worldwide. The scale and sophistication of the attacks, which began to surface in detailed research at the end of last week, are causing concern among organisations that rely on the popular collaboration platform for critical information infrastructure.

The vulnerability at the centre of the incident, now assigned as CVE-2025-53770, affects a wide cross-section of SharePoint Server deployments. Research from Eye Security first brought attention to what it described as "active, large-scale exploitation," driven by a zero-day weakness identified within a pair of vulnerabilities collectively known as ToolShell. Successful exploitation allows attackers to extract the MachineKey configuration details from vulnerable servers - exposing both the validationKey and decryptionKey, which are crucial to securing authentication tokens and encrypted data.

This critical information, once in criminal hands, can be weaponised. As Satnam Narang, Senior Staff Research Engineer at Tenable, explained, "Attackers were able to exploit the flaw, now identified as CVE-2025-53770, to steal MachineKey configuration details from vulnerable SharePoint Servers. These details can be used by attackers to create specially crafted requests that could be used to gain unauthenticated remote code execution." Narang noted that the consequences for affected organisations may be severe, with broad implications for data integrity and security across industry sectors.

Indicators of compromise are already being circulated among security teams. Organisations are being urged to check for evidence of unauthorised access, with one telltale sign being the sudden creation of files named " on vulnerable servers, possibly under other extensions.

The scope of exposure is significant, with estimates suggesting over 9,000 externally accessible SharePoint servers are potentially at risk. These systems are deployed globally by enterprises, government entities, and a range of other organisations relying on SharePoint for document management and collaboration.

Patching efforts have commenced in earnest. Microsoft began distributing fixes late on 20 July, prioritising SharePoint Server 2019 and SharePoint Subscription Edition. A remedy for SharePoint Server 2016 remains pending but is expected imminently. Narang advised, "We strongly advise organisations to begin conducting incident response investigations to identify potential compromise; otherwise, apply the available patches and review the mitigation instructions provided by Microsoft."

Andrew Obadiaru, Chief Information Security Officer at offensive security firm Cobalt, warned that the speed and depth of zero-day exploitation leaves little margin for delay or complacency. "Zero-day vulnerabilities in widely deployed platforms like SharePoint are a goldmine for attackers because they provide immediate, scalable access to high-value environments.

"The challenge isn't just patching - it's that attackers typically implant persistence mechanisms within hours, ensuring long-term footholds. Defence strategies need to assume breach and validate controls through proactive testing, including red teaming and continuous pentesting, to uncover weaknesses before adversaries do. In today's threat landscape, reactive security alone is a losing game."

Obadiaru's remarks echo growing industry consensus that traditional perimeter defences are proving insufficient in the face of increasingly sophisticated and rapid cyber threats. Security teams are being encouraged to revisit their incident response and detection protocols, embracing a proactive security posture and preparing for the possibility that attackers may already be inside their networks.

For now, the advice from the security community is clear: immediate action is essential. Organisations are urged to initiate incident response processes, apply available patches without delay, and review configuration settings for any signs of compromise. Vigilance and proactive testing will be the defining factors in limiting the fallout from yet another high-profile zero-day targeting widely used enterprise software.
