The US Department of Homeland Security (DHS) released the Cyber Security Review Board’s (CSRB) report on its independent review of the ‘Summer 2023 Microsoft Exchange Online Intrusion’, which was a cyber attack on Microsoft Exchange Mailboxes of over 500 individuals, including many who were members of the American government. The report attributed the success of the attack to a “cascade of avoidable errors” on the part of Microsoft and presents recommendations to help ensure that such incidents are not repeated in the future.

According to the report, in May and June 2023 a threat actor known as Storm-0558 gained access to the Microsoft Exchange Online Mailboxes of over 500 individuals and 22 organisations including highly ranked officials such as Commerce Secretary Gina Raimondo, United States Ambassador to the People’s Republic of China R. Nicholas Burns, and Congressman Don Bacon. Storm-0558 was claimed by the report to be affiliated with the People’s Republic of China and working on espionage-related activities.

The threat actor accessed these accounts through authentication tokens that were signed by a security key created by Microsoft in 2016. Signing keys are used for secure authentication into systems. A valid signing key can grant a user access to any information within that key's domain.

Recommendations to enhance the security of Microsoft products

The report criticised Microsoft’s “inadequate security culture” which prevented Microsoft from detecting the compromised key on its own, and its decision not to correct incorrect public statements about the incident. It described “decision-making processes within the company…
Department of Homeland Security report criticises Microsoft for China-linked hacker attack, provides recommendations
The Department of Homeland Security has suggested that Microsoft prioritize security improvements instead of launching new products and make a public plan for security-focused reforms that hold its leaders accountable for security breaches.
April 4, 2024
MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.