security

Risk & Repeat: Digging into Microsoft security criticisms – TechTarget


Listen to this podcast

Executives, researchers and former employees told TechTarget Editorial about issues with Microsoft security practices including patch bypasses, poor transparency and more.

Microsoft faced a wave of criticism following its reaction to the Storm-0558 attacks last month, but security complaints with the tech giant go back much further.

Last week, TechTarget Editorial chronicled recent frustrations with Microsoft’s security organization that go well beyond recent news. Cybersecurity executives, researchers and former Microsoft employees covered issues including a lack of transparency, inconsistent communication practices, patch bypasses and a general decline in the tech giant’s security initiatives.

These new criticisms come after Microsoft disclosed last month a threat campaign operated by a China-affiliated threat actor, designated Storm-0558. The threat actor breached 25 organizations — several which affiliated with the U.S. government — by exploiting what Microsoft described as a “token validation issue.”

The campaign was first discovered by a Federal Civilian Executive Branch (FCEB) of the U.S. government, which had enhanced logging enable through the highest tier license agreement for Microsoft 365. In an advisory about the attacks, CISA emphasized the FCEB agency was only able to detect the intrusion because the enhanced logging provided signs of compromised email accounts.

Though Microsoft made strides to rectify this and plans to greatly widen logging access next month, the company also faced criticism for seemingly downplaying the scope of the cloud flaws involved as well as a lack of transparency into how the threat actor obtained the stolen Microsoft signing key that led to the attacks.

Readers Also Like:  Saudi crown prince invited to visit UK, government source says - BBC

On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright and Alex Culafi discuss new and old criticisms of Microsoft’s security practices and the company’s response.

Subscribe to Risk & Repeat on Apple Podcasts.

Alexander Culafi is a writer, journalist and podcaster based in Boston.



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.