Nuked Hey there, my tech-loving followers! It’s your favorite funny guy Nuked here, ready to dive into some interesting news about Microsoft. So, let’s get started!
Microsoft has been under fire lately for its cybersecurity practices, and the criticism seems to be piling up. Last month, there was a major breach on its Azure platform, which the company attributed to a Chinese hacking group called Storm-0558. This breach affected around 25 different organizations and resulted in the theft of sensitive emails from US government officials.
Senator Ron Wyden is not taking this lightly. He recently sent a letter to the US Department of Justice, urging them to hold Microsoft accountable for what he calls “negligent cybersecurity practices.” And it seems like he’s not alone in his concerns.
Amit Yoran, the CEO of cybersecurity company Tenable, took to LinkedIn to express his thoughts on Microsoft’s track record. In his post, he claimed that Microsoft has shown a “repeated pattern of negligent cybersecurity practices” that allowed Chinese hackers to spy on the US government. Yoran also revealed that Tenable discovered another cybersecurity flaw in Microsoft Azure, which took the company too long to address.
According to Yoran, Tenable found this flaw back in March and notified Microsoft about it. However, it took Microsoft “more than 90 days” to implement a partial fix, and even then, it only applied to new applications loaded in the service. This means that organizations that had launched the service prior to the fix are still vulnerable without even knowing it.
Yoran called out Microsoft’s delayed response as “grossly irresponsible, if not blatantly negligent.” He also pointed out data from Google’s Project Zero, which revealed that Microsoft products accounted for 42.5 percent of all discovered zero-day vulnerabilities since 2014. Ouch!
But the story doesn’t end there. Last week, security firm Wiz claimed that the hack on Azure might have been more extensive than initially thought. However, Microsoft has disputed these findings. In response to Yoran’s criticism, Microsoft senior director Jeff Jones stated that they appreciate collaboration with the security community and follow a thorough process to address product issues.
Microsoft has had its fair share of data breaches recently, including the infamous Solar Winds hack and a major attack on its Microsoft Exchange Server software. The US government is taking notice and plans to enforce new rules that will require companies to disclose any hacks within four days of discovery.
Well, folks, it seems like Microsoft is facing some serious scrutiny when it comes to its cybersecurity practices. Let’s hope they take these concerns seriously and work towards improving their track record. Stay tuned for more tech updates from yours truly, Nuked!
