Latest news with #Sikorski

Microsoft hack risk spreads as cybercriminals and nation-states pile in

Axios

21 hours ago

A critical flaw in a major Microsoft document storage tool is hitting the organizations least able to defend themselves, security researchers and incident responders tell Axios.

Why it matters: Schools, hospitals and government agencies are "sitting ducks" as they determine whether their servers have even been affected, one security executive said. Hackers are rushing into the breach, including groups linked to the Chinese government.

Driving the news: Microsoft warned over the weekend of "active attacks" targeting a "zero-day" vulnerability in its on-premise SharePoint server.

Today, the company said it has observed at least three China-based hacking groups, including two tied to the government, exploiting the vulnerability since as early as July 7.

Charles Carmakal, CTO at Google's Mandiant, added that multiple threat groups are also now exploiting the bug.

The Cybersecurity and Infrastructure Security Agency confirmed that attackers could exploit the bug to gain access to sensitive files or execute code remotely.

At least one estimate puts the number of already compromised organizations near 100. The Washington Post reports that victims include state and federal agencies, universities, an energy company, and an Asian telecommunications firm.

"It's not one specific group that is going to be doing the hacking of this anymore," Michael Sikorski, CTO at Palo Alto Networks' Unit 42 threat intelligence team, told Axios. "Everybody's getting on the train."

The big picture: Security teams will likely spend weeks, even months, unpacking the full scope of the breach and what damage is still to come.

Researchers say the hackers have been stealing machine keys from targeted entities, which will allow them to keep breaking into the organizations even after they patch the SharePoint issue.

"Because the attack blends in with just normal, legitimate activity, it's quite hard to detect what's unusual and what's atypical," Kayne McGladrey, a senior member of the Institute of Electrical and Electronics Engineers, told Axios.

Zoom in: Sikorski said Unit 42 is actively working with Microsoft to notify affected entities, but many victims likely still don't know they've been hit.

"For those organizations that don't have a threat detection or red team capability built in, they are undoubtedly going to be at a longer time of risk for this because they just don't have the visibility," McGladrey said.

Between the lines: The flaw mostly threatens legacy SharePoint systems still used by smaller public-sector entities and critical-infrastructure operators.

Those organizations are unlikely to have the resources to quickly spin up their own investigations and response teams, Sikorski said.

"That's the scary part," Sikorski said. "Not only are they sitting ducks, but they don't have the capability to deal with it."

The intrigue: While Microsoft released a patch Monday to fix the issue in all affected versions of SharePoint, even patched systems may not be fully safe if attackers already gained entry, stole machine keys or installed new backdoors.

What's next: Security experts say the SharePoint hacking activity will likely unfold in waves.

Opportunistic hackers, such as cybercriminal gangs, will race to exploit exposed servers, aiming to steal login credentials, plant backdoors and deploy ransomware.

Meanwhile, stealthier groups, including nation-state actors, will burrow into high-value organizations for the long haul, quietly stealing sensitive data and setting up persistent access that could go undetected for months.

Microsoft Issues Alert After Critical SharePoint Server Attacks

Newsweek

3 days ago

Microsoft has issued an urgent security alert warning of "active attacks" targeting SharePoint servers used by government agencies and businesses worldwide. The attacks, discovered over the weekend, exploit a previously unknown vulnerability in the document-sharing software, prompting immediate action from both Microsoft and federal investigators.

The Federal Bureau of Investigation (FBI) told Newsweek on Sunday that it is aware of the incidents and working with federal and private-sector partners to address the threat.

The Washington Post first reported the hacks, citing unidentified actors who exploited the flaw to target U.S. and international agencies and businesses over the past few days.

Newsweek reached out to Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) on Sunday via email for comment.

Why It Matters

This zero-day attack represents a significant cybersecurity threat to organizations relying on SharePoint for internal document management and collaboration. The vulnerability affects government agencies, schools, healthcare systems including hospitals, and large enterprise companies, with attackers bypassing multi-factor authentication and single sign-on protections to gain privileged access.

What To Know

The vulnerability affects only on-premises SharePoint servers used within organizations, not Microsoft's cloud-based SharePoint Online service.

Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, told Newsweek in an email statement that "attackers are bypassing identity controls, including MFA and SSO, to gain privileged access. Once inside, they're exfiltrating sensitive data, deploying persistent backdoors, and stealing cryptographic keys."

According to Sikorski, the attackers have already established footholds in compromised systems, making patching alone insufficient to fully remove the threat. The compromise extends beyond SharePoint due to its deep integration with Microsoft's platform, including Office, Teams, OneDrive and Outlook.

"What makes this especially concerning is SharePoint's deep integration with Microsoft's platform," Sikorski said. "A compromise doesn't stay contained—it opens the door to the entire network."

Microsoft has released a security update for SharePoint Subscription Edition and is developing patches for 2016 and 2019 versions. The company recommends organizations that cannot immediately apply protective measures should disconnect their servers from the internet until updates become available.

FILE - A Microsoft sign and logo are pictured at the company's headquarters, Friday, April 4, 2025, in Redmond, Wash. (AP Photo/Jason Redmond, File)

What People Are Saying

Microsoft Security Team in a statement: "We recommend security updates that customers should apply immediately."

Michael Sikorski, CTO and Head of Threat Intelligence for Unit 42 at Palo Alto Networks, told Newsweek: "If you have SharePoint on-prem exposed to the internet, you should assume that you have been compromised at this point. This is a high-severity, high-urgency threat. We are urging organizations who are running on-prem SharePoint to take action immediately and apply all relevant patches now and as they become available, rotate all cryptographic material, and engage professional incident response."

The Cybersecurity and Infrastructure Security Agency said on Sunday: "CISA is aware of active exploitation of a new remote code execution (RCE) vulnerability enabling unauthorized access to on-premise SharePoint servers. While the scope and impact continue to be assessed, the new Common Vulnerabilities and Exposures (CVE), CVE-2025-53770, is a variant of the existing vulnerability CVE-2025-49706 and poses a risk to organizations. This exploitation activity, publicly reported as "ToolShell," provides unauthenticated access to systems and enables malicious actors to fully access SharePoint content, including file systems and internal configurations, and execute code over the network."

The FBI told Newsweek in an email response that they are: "Aware of the attacks and working closely with federal and private-sector partners," though they declined to provide additional operational details.

What Happens Next

Organizations using affected SharePoint versions face immediate decisions about disconnecting servers from the internet until patches become available. Palo Alto Networks is actively notifying affected customers and working closely with Microsoft's Security Response Center to provide updated threat intelligence.

Microsoft continues developing patches for older SharePoint versions, with timeline details yet to be announced.

Russia Strikes NATO Ally's Factory in 'Deliberate' Attack

Newsweek

16-07-2025

Russia intentionally struck a Polish-owned factory in Ukraine, Warsaw's foreign minister said on Wednesday.

Moscow launched drones at a flooring factory in the central Ukrainian city of Vinnytsia operated by the Barlinek Group, headquartered in the Polish city of Kielce, Radosław Sikorski said in a statement posted to X.

"The plant manager told me just now that it was deliberate," Sikorski said.

Ukraine's state emergency service said early on Wednesday local time that eight people had been hospitalized after Russian drone strikes on two civilian industrial facilities and four residential buildings in Vinnytsia. The uncrewed aerial vehicles (UAVs) caused "large-scale fires," Ukrainian authorities said.

An image published by Ukrainian emergency services early on Wednesday after Russian drone strikes on the central region of Vinnytsia overnight into July 16, 2025. (State Emergency Service of Ukraine/Telegram)

Two people were "severely burned," Sikorski said. A local official in Vinnytsia said five people had received burns, categorized as "severe" for three people.

Referring to Russian President Vladimir Putin, the Polish diplomat added: "Putin's criminal war is getting closer to our borders."

More to follow

Polish FM Sikorski: Anti-immigrant hysteria harms Poland

Euronews

13-07-2025

Poland's foreign minister condemned racism and anti-Semitism on Saturday, saying they harm Poland.

"Anti-immigrant hysteria harms Poland, it awakens the worst demons, and Holocaust denial excludes us from civilised nations," Sikorski said in a recording published on the X platform.

His statement followed a series of incidents in the country, including a statement by far-right MEP Grzegorz Braun in which he proclaimed that "the gas chambers at Auschwitz were fake".

"Pilecki did not volunteer for Auschwitz so that now some scoundrel undermines his report for political gain," Sikorski replied.

Witold Pilecki, a Polish officer and intelligence agent, let himself get arrested and interned at Auschwitz in 1940 to document what was happening there and escaped from the death camp three years later. Before returning to Poland after the war, where he was executed by the Communist authorities in 1948, he compiled and published his reports on the genocide at Auschwitz.

In the recording, Sikorski also recalled incidents in Zamość, where artists from Spain, India, Senegal and Serbia, as well as revellers at the 22nd Eurofolk festival which concluded on Sunday, were insulted and the Municipal Police received reports of a "refugee invasion".

"This is not the only such case in the country," Sikorski commented.

He also referred to the current situation at the Polish-German border, where members of so-called citizen patrols have been shouting anti-immigrant and anti-German slogans.

On 7 July, Poland introduced border controls with Germany and Lithuania in response to growing criticism of Germany's decision to send back thousands of migrants who they claimed had illegally crossed the border back into Poland.

"We have the right to control the borders by authorised services. We have the right to know who is legally in Poland. But there is no acquiescence to the escalating campaign of racism and the anti-Semitism it fuels," said the head of Polish diplomacy, adding that as foreign minister, he must take care of Poland's image around the world.

"I am proud of Poland. Poland has always been a hospitable country, and Poles and Polish women are better than those who 'rat on strangers and fuel the spiral of hatred,'" the country's top diplomat stressed.

Russia Predicts Why NATO Will Collapse

Miami Herald

30-06-2025

Russia's foreign minister, Sergey Lavrov, has predicted that the dramatic increase in NATO defense spending agreed last week will lead to its collapse.

Responding to the statement on Thursday from Poland's foreign minister, Radoslaw Sikorski, that an arms race between Russia and the West could result in the fall of Vladimir Putin, Lavrov said: "He can probably see—since he is such a wise sage—that the disastrous increase in spending of NATO countries will also lead to the collapse of this organization."

"Meanwhile, Russia—as President [Vladimir Putin] said the other day in Minsk after the Supreme Eurasian Economic Council meeting—plans to reduce its military spending and be guided by common sense, rather than imaginary threats, as NATO member states do, including Sikorski," he said, according to Russia's state TASS news agency.

In an interview with the AFP news agency last week, Sikorski said: "Putin should understand that he is on the path of (Soviet leader Leonid) Brezhnev. He himself once said that the Soviet Union collapsed because it spent too much on armament, and now he is doing exactly the same thing."

NATO leaders reached a historic agreement last week to significantly increase defense spending, following strong pressure from U.S. President Donald Trump. The 32-member alliance voiced an "ironclad commitment" to mutual defense in the event of an attack, reaffirming its core collective security principle.

In a joint summit statement, the leaders pledged to allocate 5% of their GDP annually to core defense needs and related security spending by 2035, aiming to strengthen both individual and collective security obligations.

NATO Secretary-General Mark Rutte hailed the summit as "transformational." Trump called the spending boost "something that no one really thought possible. And they said, 'You did it, sir. You did it.' Well, I don't know if I did it, but I think I did."

However, not all members are on board. Spain has already made it clear it cannot meet the target, and other countries have raised concerns. Still, the agreement includes a 2029 review, which will coincide with the next U.S. presidential elections, to assess the progress and recalibrate NATO's response to Russia's growing threat.

The alliance also reaffirmed its commitment to mutual defense, with a renewed emphasis on the principle that "an attack on one is an attack on all." Trump had cast doubt on the U.S.'s readiness to defend its allies in the lead-up to the summit.

"Together, allies have laid the foundations for a stronger, fairer, and more lethal NATO," Rutte told reporters following the meeting in The Hague. "This will fuel a quantum leap in our collective defense."

This article includes reporting from The Associated Press.
