Latest news with #vulnerability
Forbes
42 minutes ago
- Business
- Forbes
What To Know About Microsoft SharePoint Hack—Government Agencies And Businesses Targeted
A vulnerability in Microsoft's SharePoint server software was exploited by hackers to carry out 'active attacks' globally on various entities, including businesses and U.S. federal agencies, prompting the software giant to issue an emergency patch. Microsoft deployed an emergency security patch for some users on Sunday night. dpa/picture alliance via Getty Images In a statement on X, Microsoft said it has released a security update for SharePoint Subscription Edition and SharePoint 2019 users to 'mitigate active attacks' targeting servers running the software. The company noted that the vulnerability only impacts companies using Microsoft's software to host their own servers, and customers relying on Microsoft's 365 cloud services have not been affected. Citing government officials and security researchers, the Washington Post reported that the vulnerability affected U.S. federal and state agencies, universities and various businesses. In a statement on Sunday night, the Cybersecurity and Infrastructure Security Agency (CISA) said it was 'aware of active exploitation of a new…vulnerability enabling unauthorized access to on-premise SharePoint servers.' The federal agency said the vulnerability allowed malicious actors to 'access file systems and internal configurations, and execute code over the network.' The security patch released by Microsoft only fixed the vulnerability on the latest 'SharePoint Subscription Edition and SharePoint 2019.' The company said it is still actively working on a fix for the older SharePoint 2016 version. It is unclear how many government entities and businesses are still using the 2016 version. In its advisory, the company advises affected users to 'consider disconnecting your server from the internet until a security update is available.' What Has Microsoft Said? A Microsoft spokesperson told Reuters that the company has been 'coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response.' The hack targeting SharePoint users is referred to as a 'zero-day' attack, as the hackers exploited a previously unknown vulnerability. Dutch cybersecurity firm Eye Security was the first to report on the zero-day exploit over the weekend. The company said its team scanned more than 8,000 SharePoint servers worldwide on Friday and 'discovered dozens of systems actively compromised.' The company stated that these attacks occurred in two waves on July 18 and 19.
Yahoo
an hour ago
- Business
- Yahoo
Microsoft Server Software Comes Under Widespread Cyberattack
(Bloomberg) -- Microsoft Corp.'s server software was exploited by unidentified hackers, with analysts warning of widespread cybersecurity breaches across the globe. Why the Federal Reserve's Building Renovation Costs $2.5 Billion Milan Corruption Probe Casts Shadow Over Property Boom How San Jose's Mayor Is Working to Build an AI Capital The Redmond, Washington-based software maker said it had released a new security patch for customers to apply to their SharePoint servers 'to mitigate active attacks targeting on-premises servers,' adding it was working to roll out others. The vulnerability allowed hackers to access file systems and internal configurations, as well as execute code, the US Cybersecurity and Infrastructure Security Agency said. Cybersecurity firms cautioned that a broad section of organizations around the world could be affected by the breach. Silas Cutler, a researcher at Michigan-based cybersecurity firm Censys, estimated that more than 10,000 companies with SharePoint servers were at risk. The US had the largest number of those companies, followed by the Netherlands, the UK and Canada, he said. 'It's a dream for ransomware operators, and a lot of attackers are going to be working this weekend as well,' he added. Palo Alto Networks Inc. warned that 'these exploits are real, in-the-wild, and pose a serious threat.' Google Threat Intelligence Group said in an e-mailed statement it had observed hackers exploiting the vulnerability, adding it allows 'persistent, unauthenticated access and presents a significant risk to affected organizations.' 'When they're able to compromise the fortress that is SharePoint, everybody is kind of at their whim because that is one of the highest security protocols out there,' said Gene Yu, CEO of Singapore-based cyber incident response firm Blackpanda. The Washington Post reported that the breach had affected US federal and state agencies, universities, energy companies and an Asian telecommunications company, citing state officials and private researchers. Researchers at Eye Security were the first to identify the vulnerability, Cutler said. They reported an intrusion on Friday resembling one identified earlier in the week in a demo by researchers Code White GmbH, which reproduced vulnerabilities presented by others at the Pwn2Own hacking contest. Eye Security said the vulnerability allows hackers to access SharePoint servers and steal keys that can let them impersonate users or services even after the server is patched. It said hackers can maintain access through backdoors or modified components that can survive updates and reboots of systems. A Microsoft spokesperson declined to comment beyond the company's statement. Microsoft has faced a series of recent cyberattacks, warning in March that Chinese hackers were targeting remote management tools and cloud applications to spy on a range of companies and organizations in the US and abroad. The Cyber Safety Review Board, a White House-mandated group designed to examine major cyberattacks, said last year that Microsoft's security culture was 'inadequate' following the 2023 hack of the company's Exchange Online mailboxes. In that incident, hackers were able to breach 22 organizations and hundreds of individuals, including former US Commerce Secretary Gina Raimondo. (Updates with details, quotes from the sixth paragraph.) A Rebel Army Is Building a Rare-Earth Empire on China's Border Thailand's Changing Cannabis Rules Leave Farmers in a Tough Spot Elon Musk's Empire Is Creaking Under the Strain of Elon Musk How Starbucks' CEO Plans to Tame the Rush-Hour Free-for-All What the Tough Job Market for New College Grads Says About the Economy ©2025 Bloomberg L.P. Sign in to access your portfolio
CNN
an hour ago
- Business
- CNN
Microsoft alerts businesses and governments to attacks on SharePoint servers
Microsoft has issued an alert about 'active attacks' on server software used by government agencies and businesses to share documents within organizations and recommended security updates that customers should apply immediately. The Federal Bureau of Investigation said Sunday it is aware of the attacks and is working closely with its federal and private sector partners, but offered no other details. In an alert issued Saturday, Microsoft (MSFT) said the vulnerabilities apply only to SharePoint servers used within organizations. It said SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks. 'We've been coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response,' a Microsoft spokesperson said, adding that the company had issued security updates and urged customers to install them immediately. The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted US and international agencies and businesses. The hack is known as a 'zero day' attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk. In the alert, Microsoft said that a vulnerability 'allows an authorized attacker to perform spoofing over a network.' It issued recommendations to stop the attackers from exploiting it. In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organization or website. Earlier, Microsoft said it is working on updates to 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it added.
News24
4 hours ago
- Business
- News24
Microsoft warns businesses, governments of server software attack
• For more financial news, go to the News24 Business front page. Microsoft has issued an alert about "active attacks" on server software used by government agencies and businesses to share documents within organisations, and recommended security updates that customers should apply immediately. The FBI said on Sunday it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details. In an alert issued on Saturday, Microsoft said the vulnerabilities apply only to SharePoint servers used within organisations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks. "We've been coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response," a Microsoft spokesperson said, adding that the company had issued security updates and urged customers to install them immediately. The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted US and international agencies and businesses. The hack is known as a "zero day" attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk. In the alert, Microsoft said that a vulnerability "allows an authorised attacker to perform spoofing over a network." It issued recommendations to stop the attackers from exploiting it. In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organization or website. Earlier, Microsoft said it is working on updates to 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it added.
Zawya
5 hours ago
- Zawya
Microsoft alerts businesses, governments to server software attack
WASHINGTON: Microsoft has issued an alert about "active attacks" on server software used by government agencies and businesses to share documents within organizations, and recommended security updates that customers should apply immediately. The FBI said on Sunday it is aware of the attacks and is working closely with its federal and private-sector partners, but offered no other details. In an alert issued on Saturday, Microsoft said the vulnerabilities apply only to SharePoint servers used within organizations. It said that SharePoint Online in Microsoft 365, which is in the cloud, was not hit by the attacks. "We've been coordinating closely with CISA, DOD Cyber Defense Command and key cybersecurity partners globally throughout our response," a Microsoft spokesperson said, adding that the company had issued security updates and urged customers to install them immediately. The Washington Post, which first reported the hacks, said unidentified actors in the past few days had exploited a flaw to launch an attack that targeted U.S. and international agencies and businesses. The hack is known as a "zero day" attack because it targeted a previously unknown vulnerability, the newspaper said, quoting experts. Tens of thousands of servers were at risk. In the alert, Microsoft said that a vulnerability "allows an authorized attacker to perform spoofing over a network." It issued recommendations to stop the attackers from exploiting it. In a spoofing attack, an actor can manipulate financial markets or agencies by hiding the actor's identity and appearing to be a trusted person, organization or website. Earlier, Microsoft said it is working on updates to 2016 and 2019 versions of SharePoint. If customers cannot enable recommended malware protection, they should disconnect their servers from the internet until a security update is available, it added. (Reporting by Timothy Gardner in Washington; Editing by Frank McGurty, Leslie Adler and Lincoln Feast.)
