News

Microsoft is under fire following a recent cyberattack on its Azure platform. Amit Yoran, CEO of cybersecurity company Tenable, took to LinkedIn to criticize Microsoft’s track record, stating that their cybersecurity practices are worse than anticipated. Yoran cited a Chinese hacking group called Storm-0558, which was responsible for a major breach on Azure, affecting approximately 25 organizations and leading to the theft of sensitive US government emails.

Senator Ron Wyden also expressed concern and sent a letter to the US Department of Justice, urging them to hold Microsoft accountable for their negligent cybersecurity practices. Yoran supported Wyden’s arguments, claiming that Microsoft has a repeated pattern of negligence, allowing Chinese hackers to spy on the US government. Furthermore, he revealed a cybersecurity flaw discovered by Tenable in Microsoft Azure, emphasizing that the company took too long to address it.

Tenable initially found the flaw in March and discovered that it could grant unauthorized access to sensitive data, including banking information. Yoran stated that Microsoft took more than 90 days to implement a partial fix after being notified by Tenable. However, the fix only applies to new applications, leaving organizations that had launched the service prior to the fix still vulnerable.

Yoran criticized Microsoft’s delayed response as “grossly irresponsible, if not blatantly negligent.” He also pointed to data from Google’s Project Zero, which revealed that Microsoft products accounted for 42.5 percent of all zero-day vulnerabilities since 2014. Yoran questioned Microsoft’s trustworthiness and transparency, highlighting the need for CISOs, boards of directors, and executive teams to have confidence in the company’s commitment to cybersecurity.

In response to the criticism, Microsoft senior director Jeff Jones emphasized their collaboration with the security community in addressing product issues. Jones stated that Microsoft follows a thorough investigation and update development process to ensure customer protection. However, the company continues to face scrutiny due to recent data breaches, including the Solar Winds hack and the attack on Microsoft Exchange Server software that affected over 30,000 organizations.

To address growing concerns, the US government plans to enforce new rules requiring companies to disclose a hack within four days of its discovery. These rules aim to encourage transparency and accountability when it comes to cybersecurity incidents.

The post Microsoft Faces Criticism Over Cybersecurity Practices appeared first on satProviders.