Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online

  • 📰 TheRegister

CISA calls for 'fundamental, security-focused reforms' to happen ASAP, delaying work on other software

A review of the June 2023 attack on Microsoft's Exchange Online hosted email service – which saw accounts used by senior US officials compromised by a China-linked group called "Storm-0558" – has found that the incident would have been preventable save for Microsoft's lax infosec culture and sub-par cloud security precautions.

Security risks should be fully and appropriately assessed and addressed before new features are deployed. The review pins the attack on key rotation practices used to secure the Microsoft Services Account – the identity management system underpinning the software giant's cloudy services for consumers. So when Storm-0558 obtained a key created in 2016, which should have been retired, it gained the ability to access the version of Outlook Web Access offered to consumers.

Other cloud providers, the report notes, are better at key rotation and implement other security controls Microsoft does not. Indeed, the report concludes that Microsoft still doesn't know how Storm-0558 got the key – but advanced the "the key was in a crash dump" theory in September 2023 and kept the Microsoft finally amended the post on March 12, 2024, when it admitted it has not found a crash dump that contained the key.
