24/07/2025

THURSDAY | JULY 24, 2025

8 Microsoft knew of SharePoint flaw

LONDON: A security patch Microsoft released this month failed to fully fix a critical flaw in the tech giant’s SharePoint server software, opening the door to a sweeping global cyber espionage effort, a timeline reviewed by Reuters shows. On Tuesday, a Microsoft spokesperson confirmed that its initial solution to the flaw, identified at a hacker competition in May, did not work, but added that it released further patches that resolved the issue. It remains unclear who is behind the spy effort, which targeted about 100 organisations over the weekend, and is expected to spread as other hackers join the fray. o Tech giant admits initial security patch failed to resolve issue

The pool of potential ToolShell targets remains vast. Hackers could have already compromised more than 8,000 servers online, showed data from search engine Shodan, which helps identify internet linked equipment. Such servers were in networks ranging from auditors, banks, healthcare companies and major industrial firms to US state-level and international government bodies. The Shadowserver Foundation, which scans the internet for potential digital vulnerabilities, put the number at a little more than 9,000, cautioning that the figure is a minimum. It said most of those affected were in the United States and Germany. Germany’s federal office for information security, BSI, said on Tuesday it had found no compromised SharePoint servers in government networks, despite some being vulnerable to the ToolShell attack. – Reuters New Zealand gets tough on space infrastructure WELLINGTON: The New Zealand government passed legislation yesterday to regulate the use of ground-based space infrastructure following national security concerns. Space Minister Judith Collins said in a statement that the Outer Space High Altitude Activities Amendment Bill would take effect on Monday and from then, ground-based space infrastructure such as satellite tracking stations and telemetry systems would be subject to oversight and safeguards. The law “supports New Zealand’s interest in the safe, secure and responsible use of space and stop any attempts by foreign entities that do not share our values or interests”, Collins said. “Ground-based space infrastructure in New Zealand plays a vital role in supporting global satellite operations and space activities, but without regulation, it can also pose risks to national security and other national interests.” Under the new law, anyone operating ground-based space infrastructure will need to confirm with the government that they have appropriate security arrangements in place and due diligence systems to assess any partners. The South Pacific nation’s location and clear skies make it a good place to launch and monitor satellites, with the European Space Agency among those keeping an eye on space from New Zealand. The new regulations come after New Zealand’s intelligence service raised concerns last September that some foreign entities had tried to establish space infrastructure, which would have “assisted foreign military activity that could have harmed New Zealand interests”. “They have deliberately disguised their affiliations to foreign militaries and misrepresented their intentions,” Collins told parliament on Tuesday. While neither the minister nor the report mentioned China in relation to the incidents, the broader report noted that China remained a complex intelligence concern but there were other states undertaking malicious activity as well. – Reuters

dubbed

it

“ToolShell”

and

(RM422,612) prize for so-called “zero-day” exploits that leverage previously undisclosed digital weaknesses that could be used against SharePoint, Microsoft’s flagship document management and collaboration platform. The US National Nuclear Security Administration, charged with maintaining and designing the nation’s cache of nuclear weapons, was among the agencies breached, Bloomberg News said on Tuesday, citing a person with knowledge of the matter. No sensitive or classified information is known to have been compromised, it added. The Energy Department, the Cybersecurity and Infrastructure Security Agency and Microsoft did not immediately respond to Reuters’ requests for comment on the report. A researcher for the cybersecurity arm of Viettel, a telecoms firm run by Vietnam’s military, identified a SharePoint bug at the May event,

In a blog post, Microsoft said two allegedly Chinese hacking groups, dubbed “Linen Typhoon” and “Violet Typhoon”, were exploiting the weaknesses, along with a third, also based in China. Microsoft and Alphabet’s Google have said China-linked hackers were probably behind the first wave of hacks. Chinese government-linked operatives are regularly implicated in cyberattacks, but Beijing routinely denies such hacking operations. In an emailed statement, its embassy in Washington said China opposed all forms of cyberattacks, and “smearing others without solid evidence”. The vulnerability opening the way for the attack was first identified in May at a Berlin hacking competition organised by cybersecurity firm Trend Micro that offered cash bounties for finding computer bugs in popular software. It offered a US$100,000

demonstrated a way to exploit it. The discovery won the researcher an award of US$100,000, an X posting by Trend Micro’s “Zero Day Initiative” showed. Participating vendors were responsible for patching and disclosing security flaws in “an effective and timely manner”, Trend Micro said in a statement. “Patches will occasionally fail. This has happened with SharePoint in the past,” it said. In a July 8 security update, Microsoft said it had identified the bug, listed it as a critical vulnerability, and released patches to fix it. However, about 10 days later, cybersecurity firms started to notice an influx of malicious online activity targeting the same software the bug sought to exploit, SharePoint servers. “Threat actors subsequently developed exploits that appear to bypass these patches,” said British cybersecurity firm Sophos.

Fans left flowers, candles and pictures near Osbourne’s star at the Hollywood Walk of Fame in Los Angeles. – REUTERSPIC

Black Sabbath frontman Ozzy Osbourne dead at 76 LONDON: Ozzy Osbourne, the legendary frontman of heavy metal group Black Sabbath, died on Tuesday at the age of 76, his family said, just weeks after he gave an epic farewell concert. Drummer Bill Ward said Osbourne would forever be in his heart and signed off his post with “Never goodbye. Thank you forever”. Music icon Elton John praised Osbourne as “a huge trailblazer who secured his place in the pantheon of rock gods – a true legend”.

The hell-raising singer, who was diagnosed with Parkinson’s disease in 2019, passed away just over a fortnight after playing a final gig before a sold-out crowd in his home city of Birmingham, England. “It is with more sadness than mere words can convey that we have to report that our beloved Ozzy Osbourne passed away this morning,” said a family statement. “He was with his family and surrounded by love. We ask everyone to respect our family privacy at this time.” Tributes poured in for the notorious figure nicknamed the “Prince of Darkness”, who once bit off the head of a bat while on stage. His original bandmates posted tributes on social media, with guitarist Tony Iommi saying, “there won’t be another like him”, and bassist Geezer Butler saying “So glad we got to do it one last time, back in Aston. Love you.”

“He was also one of the funniest people I’ve ever met. I will miss him dearly,” John wrote on Instagram. Rolling Stones member Ronnie Wood said he was “very sad” to learn of Osbourne’s death. Osbourne was instrumental in pioneering heavy metal, an offshoot of hard rock, as Black Sabbath enjoyed huge commercial success in the 1970s and 1980s after forming in Birmingham in 1968. Black Sabbath’s eponymous 1970 debut album made the UK top 10 and paved the way for a string of hit records, including their most famous song Paranoid . “It was Ozzy’s voice that took me away to a dark universe. A great escape,” Pearl Jam guitarist Mike McCready posted on X. “Thanks for the music, Ozzy. It makes our journey in life better.”

Osbourne at the launch of his book ‘I Am Ozzy’ on Oct 2, 2009. – REUTERSPIC Black Sabbath went on to sell more than 75 million albums worldwide and were inducted into the Rock & Roll Hall of Fame in 2006. Osbourne was added for a second time last year as a solo artist. – AFP