Feds to Microsoft: Clean Up Your Cloud Security Act Now

A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year's Microsoft 365 breach that allowed China's Storm-0558 to hack the email accounts of key government officials.

Follow Dark Reading:

April 04, 2024

LATEST SECURITY NEWS & COMMENTARY Feds to Microsoft: Clean Up Your Cloud Security Act Now A federal review board demanded that the tech giant prioritize its "inadequate" security posture, putting the blame solely on the company for last year's Microsoft 365 breach that allowed China's Storm-0558 to hack the email accounts of key government officials. How Soccer's 2022 World Cup in Qatar Was Nearly Hacked A China-linked threat actor had access to a router configuration database that could have completely disrupted coverage, a security vendor says. Omni Hotel IT Outage Disrupts Reservations, Digital Key Systems Guests affected by the companywide disruption vented their frustrations on social media. LockBit Ransomware Takedown Strikes Deep Into Brand's Viability Nearly three months after Operation Cronos, it's clear the gang is not bouncing back from the innovative law-enforcement action. RaaS operators are on notice, and businesses should pay attention. Oil & Gas Sector Falls for Fake Car Accident Phishing Emails Effective Rhadamanthys phishing campaign spoofs nonexistent "Federal Bureau of Transportation" to compromise recipients, analysts discover. Why Cybersecurity Is a Whole-of-Society Issue Working together and integrating cybersecurity as part of our corporate and individual thinking can make life harder for hackers and safer for ourselves. The Biggest Mistake Security Teams Make When Buying Tools Security teams often confuse tool purchasing with program management. They should focus on what a security program means to them, and what they are trying to accomplish. MORE NEWS / MORE COMMENTARY HOT TOPICS Attackers Abuse Google Ad Feature to Target Slack, Notion Users Campaign distributes malware disguised as legitimate installers for popular workplace collaboration apps by abusing a traffic-tracking feature. Instilling the Hacker Mindset Organizationwide It's critical for security teams to stay vigilant not only when it comes to major security issues, but also with minor lags in security best practice. China-Linked Threat Actor Taps 'Peculiar' Malware to Evade Detection UNAPIMON works by meticulously disabling hooks in Windows APIs for detecting malicious processes. How New-Age Hackers Are Ditching Old Ethics Staying up to date and informed on threat-actor group behavior is one way both organizations and individuals can best navigate the continually changing security landscape. MORE PRODUCTS & RELEASES TruCentive Enhances Privacy With HIPAA Compliant Personal Information De-identification More Than Half of Organizations Plan to Adopt AI Solutions in Coming Year, Reports Cloud Security Alliance and Google Cloud CyberRatings.org Announces Test Results for Cloud Network Firewall TAG Report Reveals Endpoint Backup Is Essential to Improving Data Resiliency MORE PRODUCTS & RELEASES EDITORS' CHOICE NIST Wants Help Digging Out of Its NVD Backlog The National Vulnerability Database can't keep up, and the agency is calling for a public-private partnership to manage it going forward. LATEST FROM THE EDGE AI's Dual Role on SMB Brand Spoofing Cybercriminals are using AI to impersonate small businesses. Security architects are using it to help small businesses fight back. LATEST FROM DR TECHNOLOGY Microsoft Beefs Up Defenses in Azure AI Microsoft adds tools to protect Azure AI from threats such as prompt injection, as well as to give developers the capabilities to ensure generative AI apps are more resilient to model and content manipulation attacks. LATEST FROM DR GLOBAL Singapore Sets High Bar in Cybersecurity Preparedness While Singaporean organizations have adopted the majority of their government's cybersecurity recommendations, they aren't immune: More than eight in 10 experienced a cybersecurity incident over the course of the year. WEBINARS Key Findings from the State of AppSec Report 2024 Securing Code in the Age of AI View More Dark Reading Webinars >> WHITE PAPERS The State of Incident Response Upgrade your cybersecurity in the era of AI Demystifying Zero Trust in OT Causes and Consequences of IT and OT Convergence Secure Access for Operational Technology at Scale 2023 Gartner Magic Quadrant for Single-Vendor SASE Zero Trust Access For Dummies, 2nd Fortinet Special Edition View More White Papers >> FEATURED REPORTS Industrial Networks in the Age of Digitalization Zero-Trust Adoption Driven by Data Protection How Enterprises Assess Their Cyber-Risk View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | Informa Tech | Privacy Statement | Terms & Conditions | Contact Us