A cyber security vulnerability in Microsoft's SharePoint collaboration software has been added to the US Cybersecurity and Infrastructure Security Agency exploitation list as customers deal with the potential fallout.
Computer security experts say hackers have exploited the loophole and potentially compromised private and public computer networks in the US.
The individual or group behind the software exploitation is not yet known.
“The incident reveals the growing sophistication of threat actors who have gained internal access to an environment and can now leverage existing resources (like Microsoft Exchange, SharePoint,) to conduct nefarious missions beyond just ransomware attacks, like 'wiper' malware that deletes data,” said Morey Haber, a chief security adviser at cyber security company BeyondTrust.
Mr Haber said Microsoft appears to have responded quickly once the vulnerability to Sharepoint was identified, but that for some, it might be too little, too late.
“Considering the speed of exploitation, some organisations may be waking up Monday morning to a fresh series of attacks,” he explained.
The various editions of Microsoft Sharepoint are also making it more difficult to provide a one-size-fits-all solution.
Microsoft said that it released a security update for SharePoint 2019, and that other fixes would be on the way.
“We are actively working on updates for SharePoint 2016,” the Redmond, Washington software company posted on X.
Santiago Pontiroli, lead researcher at cyber protection company Acronis, said: “This incident continues a trend of high-impact attacks against Microsoft infrastructure, including the Exchange mass exploitation in 2021 and the 2023 cloud email breach.
“Over the past several years, state-aligned and advanced persistent threat groups have repeatedly abused vulnerabilities in Microsoft platforms to gain initial access, steal sensitive data, and establish long-term footholds in enterprise networks.”
Microsoft does, however, invest heavily in trying to prevent such breaches from occurring.
Federal law enforcement agencies regularly work with the company and have a presence at its cyber crime centre in Redmond.
Cyber security is a continuing game of "whack-a-Mole", and that companies and organisations using Sharepoint should take it seriously," Mr Pontiroli said.
“Organisations still running on-premises SharePoint need to act now,” he said. “Apply the latest updates, monitor for signs of compromise, and assume exposure if systems were only partially patched.”
Section 375
Cast: Akshaye Khanna, Richa Chadha, Meera Chopra & Rahul Bhat
Director: Ajay Bahl
Producers: Kumar Mangat Pathak, Abhishek Pathak & SCIPL
Rating: 3.5/5
Slow loris biog
From: Lonely Loris is a Sunda slow loris, one of nine species of the animal native to Indonesia, Malaysia, Thailand and Singapore
Status: Critically endangered, and listed as vulnerable on the International Union for Conservation of Nature red list due to growing demand in the global exotic pet trade. It is one of the most popular primate species found at Indonesian pet markets
Likes: Sleeping, which they do for up to 18 hours a day. When they are awake, they like to eat fruit, insects, small birds and reptiles and some types of vegetation
Dislikes: Sunlight. Being a nocturnal animal, the slow loris wakes around sunset and is active throughout the night
Superpowers: His dangerous elbows. The slow loris’s doe eyes may make it look cute, but it is also deadly. The only known venomous primate, it hisses and clasps its paws and can produce a venom from its elbow that can cause anaphylactic shock and even death in humans
WHAT IS A BLACK HOLE?
1. Black holes are objects whose gravity is so strong not even light can escape their pull
2. They can be created when massive stars collapse under their own weight
3. Large black holes can also be formed when smaller ones collide and merge
4. The biggest black holes lurk at the centre of many galaxies, including our own
5. Astronomers believe that when the universe was very young, black holes affected how galaxies formed
UAE currency: the story behind the money in your pockets
Dunki
%3Cp%3E%3Cstrong%3EDirector%3A%3C%2Fstrong%3E%20Rajkumar%20Hirani%C2%A0%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3EStarring%3A%3C%2Fstrong%3E%20Shah%20Rukh%20Khan%2C%20Taapsee%20Pannu%2C%20Vikram%20Kochhar%20and%20Anil%20Grover%3C%2Fp%3E%0A%3Cp%3E%3Cstrong%3ERating%3A%3C%2Fstrong%3E%204%2F5%3C%2Fp%3E%0A
Game Changer
Director: Shankar
Stars: Ram Charan, Kiara Advani, Anjali, S J Suryah, Jayaram
Rating: 2/5
COMPANY PROFILE
Name: Qyubic
Started: October 2023
Founder: Namrata Raina
Based: Dubai
Sector: E-commerce
Current number of staff: 10
Investment stage: Pre-seed
Initial investment: Undisclosed
COMPANY PROFILE
Name: HyperSpace
Started: 2020
Founders: Alexander Heller, Rama Allen and Desi Gonzalez
Based: Dubai, UAE
Sector: Entertainment
Number of staff: 210
Investment raised: $75 million from investors including Galaxy Interactive, Riyadh Season, Sega Ventures and Apis Venture Partners
'Joker'
Directed by: Todd Phillips
Starring: Joaquin Phoenix
Rating: Five out of five stars
Our family matters legal consultant
Name: Hassan Mohsen Elhais
Position: legal consultant with Al Rowaad Advocates and Legal Consultants.
