Latest news with #SharePoint2016


The Citizen
7 days ago
SA's Treasury discovers malware as hackers exploit Microsoft flaw
As South Africa continues to be a target of cybercriminals, ranking 27th globally among the most breached countries, the National Treasury (NT) has confirmed that it found malware on its Infrastructure Reporting Model website, an online infrastructure reporting and monitoring system.

Treasury stated the issue was related to the recent attacks on SharePoint, a widely used web-based platform developed by Microsoft for collaboration and document management.

Government agencies

Hackers reportedly breached hundreds of government agencies and companies worldwide by exploiting a vulnerability in Microsoft's SharePoint server software. Most of the victims are in the US, followed by Mauritius, Jordan, South Africa and the Netherlands.

The National Nuclear Security Administration, the US agency responsible for maintaining and designing the nation's cache of nuclear weapons, was among those breached, Bloomberg reported earlier.

SA Treasury

Microsoft issued patches for two versions of the software, noting that one, SharePoint 2016, remains vulnerable to attacks.

'Considering recent media reports since Sunday regarding security incidents affecting Microsoft platforms in the USA, NT has requested Microsoft's assistance in identifying and addressing any potential vulnerabilities within its Information and Communication Technology (ICT) environment,' Treasury said.

Malicious activities

Treasury said it processes over 200 000 emails each day and facilitates more than 400 000 user connections through its websites daily.

'On average, the NT ICT team successfully detects and blocks approximately 5 800 security threats directed at NT systems every day, showcasing the department's commitment to maintaining a secure digital environment.

'These threats encompass a range of malicious activities, including phishing attempts, malware infections, and spam attacks,' Treasury said.

Treasury added that despite these events, its systems and websites continue to operate normally without any disruption.

'China blamed'

The newly discovered security flaws in SharePoint enable hackers to access SharePoint servers and steal keys that can allow them to impersonate users or services, potentially granting deep access to compromised networks and enabling the theft of confidential data.

Microsoft accused Chinese state-sponsored hackers known as Linen Typhoon and Violet Typhoon of being behind the attacks on Tuesday. Another hacking group based in China, which Microsoft refers to as Storm-2603, also exploited them, according to the company.

The hacks are among the latest major breaches that Microsoft has attributed, at least in part, to China, and they come amid heightened tensions between Washington and Beijing over global security and trade. The US has repeatedly accused China of campaigns that have allegedly stolen government and corporate secrets over a period spanning decades.


UPI
21-07-2025
Hackers use Microsoft security flaw to commit global assault
July 21 (UPI) -- An investigation is underway after hackers used a security flaw in Microsoft software to infiltrate agencies and businesses internationally over the weekend.

The United States, Canada and Australia have partnered in an effort to probe how the unidentified hackers used a security weak spot in Microsoft's SharePoint collaboration software to gain access to several American federal and state agencies, as well as energy companies, universities and an Asian telecommunications company.

Microsoft announced Saturday that it "is aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security Update."

Researchers at the Eye Security cybersecurity company first identified the weak point on Friday, described as a "new SharePoint remote code execution vulnerability chain in the wild." It allows hackers to access the exploited SharePoint versions and steal keys that can let them impersonate users even after an affected server is patched or rebooted.

As a result, hackers can use the vulnerability to steal passwords and sensitive data and then move through the breached network via services that connect to SharePoint, such as Outlook, Teams and OneDrive.

The SharePoint servers allow for documents to be shared and managed, and Microsoft has since released patches to defend SharePoint 2019 and SharePoint Subscription Edition servers, but a patch for SharePoint 2016 is still forthcoming.

The attack, referred to as a "zero-day" incident because it used a previously unknown vulnerability, only impacts on-premises servers housed within organizations, not cloud operations like Microsoft 365.

According to the press release from Microsoft, customers using the SharePoint Subscription Edition should "apply the security update provided in CVE-2025-53771 immediately to mitigate the vulnerability."

As for those who use SharePoint 2016 or 2019, the current guidance is to "use or upgrade to supported versions of on-premises Microsoft SharePoint Server," which are SharePoint Server 2016, 2019 and SharePoint Subscription Edition, and then apply the latest security updates.


Arab Times
21-07-2025
Microsoft issues urgent alert on active SharePoint cyberattacks
WASHINGTON, July 21: Microsoft has issued a critical alert regarding ongoing cyberattacks targeting its SharePoint server software, commonly used by government agencies and businesses for internal document sharing. The company urged all users to apply newly released security updates immediately.

In a security advisory released Saturday, Microsoft clarified that the attacks affect only on-premises SharePoint servers and do not impact SharePoint Online, which operates within the Microsoft 365 cloud platform.

The alert warned of a vulnerability that allows attackers to conduct 'spoofing' over a network. In such attacks, bad actors disguise themselves as trusted entities—such as individuals, organizations, or websites—potentially leading to the manipulation of financial systems or compromising government operations.

Microsoft described the exploit as a "zero-day" attack, meaning it targeted a previously unknown flaw. The Washington Post, which first reported the breach, said the attack affected both U.S. and international organizations and could put tens of thousands of servers at risk.

'We've been coordinating closely with CISA, DOD Cyber Defense Command, and key cybersecurity partners globally throughout our response,' a Microsoft spokesperson said. The company has issued security patches and strongly encouraged affected customers to install them without delay.

The FBI confirmed Sunday that it is aware of the ongoing attacks and is working with both federal agencies and private-sector partners. However, it provided no further details at this time.

Microsoft is also preparing security updates for older SharePoint versions, including SharePoint 2016 and 2019. For organizations unable to implement the recommended malware protection measures immediately, the company advised disconnecting servers from the internet until the patches are deployed.


Hans India
21-07-2025
Global Cyberattack Targets Microsoft SharePoint Zero-Day Flaw, Hits Government and Enterprise Servers
A major global cyberattack is unfolding as a newly discovered vulnerability in Microsoft SharePoint exposes tens of thousands of on-premise servers to active exploitation. This zero-day flaw, still unpatched in some versions, has impacted networks across government agencies, businesses, and universities around the world.

The vulnerability, identified as CVE-2025-53770, has already led to unauthorized intrusions in the past few days, prompting urgent action from security teams and global cyber watchdogs. Microsoft confirmed the issue in a security advisory released Saturday, stating the exploit is currently being used in live attacks and urging immediate protective action.

'This is a significant vulnerability,' said Adam Meyers, senior vice president at cybersecurity firm CrowdStrike. 'Anybody who's got a hosted SharePoint server has got a problem.'

Patches have been rolled out for SharePoint Subscription Edition and SharePoint 2019, but SharePoint 2016 remains unpatched as Microsoft continues working on a fix. The company clarified that the cloud-based SharePoint Online within Microsoft 365 is not affected.

Despite the patch rollout for some versions, experts warn that attackers may have already compromised critical systems. According to a report by The Washington Post, access was gained to systems belonging to US federal and state agencies, European governments, energy companies, a Brazilian university, and an Asian telecom firm. In some incidents, hackers locked officials out of public document repositories by hijacking them.

The nature of the exploit enables spoofing attacks, where intruders can pose as trusted sources to infiltrate systems. With SharePoint often linked to services like Outlook and Teams, the attackers could potentially access sensitive communications, steal credentials, and establish persistent access using cryptographic keys.

What's more alarming is that even applying the available patch might not eliminate the threat for already breached systems. 'So pushing out a patch on Monday or Tuesday doesn't help anybody who's been compromised in the past 72 hours,' a security researcher told The Washington Post.

Microsoft has issued detection guidance and mitigation steps on its official blog to help system administrators assess their exposure and take protective measures. Organizations using on-premises SharePoint are being advised to monitor for suspicious activity and apply available fixes without delay.

As the situation evolves, Microsoft is expected to release patches for SharePoint 2016 shortly. Until then, vigilance remains the best defense.


India Today
21-07-2025
Microsoft SharePoint zero-day hack hits 'tens of thousands' of servers globally
A newly discovered vulnerability in Microsoft SharePoint has led to a widespread cyberattack, compromising servers across government agencies, businesses, and universities around the world. The so-called 'zero-day' exploit, which targets a previously unknown flaw, has affected tens of thousands of on-premise SharePoint servers, prompting urgent security alerts and investigations in multiple countries.

Microsoft confirmed the breach in a security advisory released on Saturday, warning of 'active attacks' and urging immediate implementation of protective measures. 'This is a significant vulnerability,' said Adam Meyers, senior vice president at cybersecurity firm CrowdStrike. 'Anybody who's got a hosted SharePoint server has got a problem.'

While Microsoft has released a patch for two versions of the software, a fix for one version, SharePoint 2016, is still being developed.

Microsoft has released a security patch for SharePoint Subscription Edition and SharePoint 2019, following active exploitation of a critical vulnerability, tracked as CVE-2025-53770, in on-premises servers. The tech giant confirmed the flaw is currently being targeted in the wild and is urging customers to apply the update immediately.

The vulnerability does not affect SharePoint Online, Microsoft said in a tweet via its Security Response Center (MSRC) handle on Sunday. However, on-premises servers remain at risk, especially those running Subscription Edition. 'We are actively working on updates for SharePoint 2016 and 2019,' Microsoft added, indicating those versions remain unpatched for now. The company has also provided detection guidance and mitigation steps for defenders, available through its official blog.

The breach does not affect SharePoint Online users within Microsoft 365's cloud environment. Instead, it targets internal servers hosted within organisations — commonly used by government bodies and large enterprises for document sharing and […]

According to The Washington Post, which first reported the incident, the hackers managed to exploit the flaw in recent days, gaining access to US federal and state agencies, European governments, energy firms, a university in Brazil, and an Asian telecommunications company. In some cases, attackers even 'hijacked' public document repositories, blocking officials from accessing them.

The vulnerability allows for a type of spoofing attack, where an intruder can disguise themselves as a trusted source. With access to SharePoint servers, which are often connected to services like Outlook and Teams, hackers can steal sensitive data, harvest passwords, and potentially maintain long-term access using cryptographic keys.

What's especially concerning, according to reports, is that the attackers have obtained access keys that could allow them to return even after the systems are patched. 'So pushing out a patch on Monday or Tuesday doesn't help anybody who's been compromised in the past 72 hours,' one security researcher told The Washington Post.

No technical details of the exploit chain have been disclosed publicly yet, but Microsoft's confirmation of active attacks suggests that the vulnerability may be part of a targeted campaign. The company's advisory underscores the urgency of applying the fix, especially for enterprise systems that rely on SharePoint for collaboration and content management.

Microsoft is expected to release patches for SharePoint 2016 and 2019 soon, but until then, system administrators are advised to monitor for unusual activity and follow the detection steps outlined in Microsoft's guidance.