Greg Andrews on LinkedIn: CSRB report highlights the need for new approaches to securing the public… (2024)

Greg Andrews

Frictionless Identity Security - No more passwords, MFA, or credential and session theft


The mandates are coming, the mandates are coming! That's because we're literally at cyberwar with nation-state actors. The current identity security strategy is broken along with the tools that support it, that's why we keep getting breached. We are all patriots in this fight. What are you doing about it? The Gradient end-user experience is a pleasure with one click and you're in, REAL passwordless all while being rooted to the hardware of the device down to the silicon level. With short-lived sessions and tokens, and credentials tied to the devices, you have stopped account takeover, phishing, MFA flooding, adversary in the middle, PW stuffing, and ID stealing malware. Let's talk about it before it's too real. #cybersecurity #identitysecurity #USA


More Relevant Posts

  • Anna Ribeiro

    News Editor at Industrial Cyber


    The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) published a report on the Summer 2023 Microsoft Exchange breach by #Storm0558, a group associated with China. The exploitation impacted the mailboxes of 22 organizations and over 500 individuals globally, including U.S. government officials like Commerce Secretary Gina Raimondo, U.S. Ambassador to China R. Nicholas Burns, and Congressman Don Bacon. The intrusion involved the use of #authentication tokens signed with a key generated by Microsoft. The 34-page CSRB report condemns Microsoft for security lapses that facilitated #espionage, calling for comprehensive reforms within Microsoft and the #cloudservice sector. It emphasizes the need for improved #cybersecurity practices and regulatory updates to mitigate future #cyberthreats. https://lnkd.in/gSet6jcy

    CSRB reports Microsoft Exchange breach by Storm-0558, urges security reforms following espionage incident - Industrial Cyber industrialcyber.co


  • Andy Jenkinson

    Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. NAMED AN EXPERT IN INTERNET ASSET & DNS VULNERABILITIES


    “Suspected Chinese hackers gained surreptitious access to senior U.S. officials’ emails by exploiting what researchers have labeled as a zero-day flaw in Microsoft’s cloud environment. The flaw is now fixed, and authorities are sharing how to spot any compromise.”

    The attached DNS in the comments below shows not a zero-day vulnerability, but woefully exposed and exploitable Azure for US Department of Defenses’ DNS. This Insecure DNS is in total contradiction of CISA’s M-19-01 Emergency Directive on DNS Tampering and Abuse. It is also not adhering to the Department of Defense's (DOD) Cybersecurity Maturity Model Certification (CMMC). This is real-time. This completely undermines all U.S. Government regulations and compliance and leaves the U.S. Government exposed and exploitable. Little wonder then it is being constantly.

    This is not simply reckless by Microsoft and lest we forget, the Parent organisation, the DOD, but places the entire U.S. Government and military at risk. For anyone who does not understand this exposed position, let me make it simple. These monumental errors and oversights see all security as negated and access made easy. It would take real effort to make infiltration any easier, any more vulnerable, and any more exposed. #microsoftazure #whitethornshield #internetsecurity #dns #pki #bradsmith #tomburt #ckellybissell

    Hacker Stole Signing Key, Hit US Government's Microsoft 365 databreachtoday.com

  • Brian Gates

    CrowdStrike | Endpoint & Cloud Security | Incident Response | Threat Intel


    Microsoft continues to start fires and then try to put them out when it comes to security. Again and again there are issues of them failing to protect customers and even themselves. It raises the question: How can you trust a security platform that cannot secure its own business? https://lnkd.in/gmZv9_Y8

    US government review faults Microsoft for ‘cascade’ of errors that allowed Chinese hackers to breach senior US officials’ emails | CNN Business cnn.com


  • Robert Boettger 🔐

    Top Information Security Voice 🅲🆈🅱🅴🆁 🆂🅴🅲🆄🆁🅸🆃🆈


    Following a breach by Chinese hackers that went undetected for months, Microsoft has upgraded its free logging features for Purview Audit standard users, including U.S. federal agencies. The update, prompted by the theft of U.S. government emails, improves detection capabilities against similar cyberattacks by extending log retention from 90 to 180 days and automating log activation. This move aligns with federal logging standards and cybersecurity guidelines, marking significant progress in securing technology for organizations. https://lnkd.in/gwpCxBXb

    Microsoft expands free logging capabilities after May breach bleepingcomputer.com


  • Bruno Schneider - Le Saout

    Decentralized Innovation Strategist | Decentralized AI | SmartContracts | Intangible Asset Finance |Tokenization | Intelligent Agent Economy | Knowledge Discovery


    Microsoft Hack: China-backed hackers stole a Microsoft signing key, allowing them to break into dozens of email inboxes, including those belonging to U.S. Commerce Secretary Gina Raimondo and U.S. State Department officials. The incident is attributed to a newly discovered espionage group called Storm-0558, which has a strong nexus to China.
    MSA Key: The hackers acquired a consumer signing key (MSA key) used to secure consumer email accounts. They used it to forge tokens that allowed them to break into enterprise inboxes due to a validation error in Microsoft code.
    Incident Response: Microsoft has blocked all actor activity related to this incident and has hardened its key issuance systems. The company knows who was compromised and has notified those affected.
    Government Security Logging: Not every government department had the same level of security logging. Lower government tier offers some logging but does not keep track of specific mailbox data which would have revealed the attack. A CISA official criticized the lack of available logging.
    #storm0558 #tokens #keys #cyberattacks #cybersecurity #cyberwar #cyberriskmanagement #cyberrisks #cyberriskmanagement Microsoft

    Microsoft lost its keys, and the government got hacked | TechCrunch https://techcrunch.com


  • Andy Jenkinson

    Group CEO CIP. Fellow Cyber Theory Institute. Director Fintech & Cyber Security Alliance (FITCA) working with Governments. NAMED AN EXPERT IN INTERNET ASSET & DNS VULNERABILITIES


    Cybersecurity Wake-Up Call: Microsoft's Negligence and the Urgent Need for Addressing Unknown Failings

    In a stunning revelation, Senator Ron Wyden has pointed the finger at Microsoft, accusing the tech giant of cybersecurity negligence that paved the way for the audacious Chinese hack of the United States Government. As the fallout from this unprecedented breach continues, the call for accountability grows stronger. But the story runs deeper.

    Since December 2019, warnings of exposed Internet Assets have been sounded, with Microsoft repeatedly informed of the looming danger. In my face-to-face meeting with Brad Smith in London recently, the stark reality of Microsoft's 20 million plus exposed and insecure servers was laid bare. The failure to act on these alerts has resulted in a colossal breach of national security, leaving the U.S. government and its citizens reeling.

    This shocking incident serves as a stark reminder that cybersecurity must evolve to address the Unknown, Unknown security failings. Until we tackle the underlying vulnerabilities that elude conventional detection and capability, the safety and privacy of billions of Internet users remain at risk. As we confront the aftermath of this grave breach, it is imperative for technology giants and governments alike to take decisive action in fortifying digital defences against an ever-evolving threat landscape.

    Only by uniting against the Unknown, Unknowns can we hope to create a safer and more secure digital world for all. The time for action is now. Let us rise to the challenge and build a future where cyber threats are neutralized before they can strike.

    We are happy to assist to identify and address the unknown unknowns. #WhitethornShield #Microsoft #InternetAssets #InterenetSecurity #DNS #PKI #CISA #GCHQ #NCSC #NSA

    US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’ https://www.securityweek.com


  • Mark Neufurth

    Lead Strategist: 'There is nothing cloudy about the CLOUD, nothing at all!'


    The danger of monocultures in IT

    It's certainly beneficial to IT providers offering services end-to-end to business as well as consumer users and corporate servers as well as consumer desktops and - I honestly admit that - #microsoft has for sure been a propellant to move computer use beyond the nerd level BUT in these highly political times, it is increasingly becoming an essential risk for ANY user of MS services to be a co-target of politically influenced intrusion involuntarily. Microsoft is the prime target of fraud, intrusion and compromise and even when public sector bodies are in the crosshairs of hackers, private companies as well as individuals will suffer damage on a sideline. Either by leaking trade secrets or by getting extorted. Just by using Microsoft services across their organisations while their provider seems to be at best lethargic in releasing details on compromises or thoroughly enough in preventing it.

    "Microsoft went public in January after identifying that a Russian hacking group broke into some corporate email systems, including the email accounts of “senior leadership team and employees in our cybersecurity, legal, and other functions.”" #itsecurity #cloud #monoculture #transparency #it https://lnkd.in/e7jppevw

    US Government on High Alert as Russian Hackers Steal Critical Correspondence From Microsoft securityweek.com


  • The Record from Recorded Future News

    12,558 followers


    Chinese hackers breached U.S. and European government email through Microsoft bug. Here's what you need to know:
    1. Chinese hackers targeted around 25 organizations, exploiting a bug in Microsoft's cloud email service, primarily focusing on government agencies in Western Europe for espionage, data theft and credential access. The group, temporarily labeled as 'Storm-0558' used a Microsoft consumer signing key to access Outlook email client services.
    2. Microsoft began probing the incidents in June after a customer reported the bug, which was initially detected by the US government. Microsoft claims to have successfully mitigated the attack for all customers and blocked the group’s activity. However, the extent of the stolen information is still under investigation.
    3. In response to this incident, Microsoft has partnered with the US Department of Homeland Security’s cyber defense agency and the US Cybersecurity and Infrastructure Security Agency to address the breach. The US Senate Intelligence Committee is also monitoring the incident closely.
    Learn more by visiting The Record from Recorded Future News: https://lnkd.in/gK4ZreUk

    Chinese hackers breached US and European government email through Microsoft bug therecord.media


  • Amit Singh

    Technical Director at 3Columns | Making Complex Simple


    It's not so shocking to read this article that a company who in 2020 had a dream to become the top company in Cyber security, signed a multi year year with Australian government to secure the nation. Claim to have the best defender and SIEM solution. Can't even secure their executives' email accounts. This attack didn't happen overnight. Russians must have worked hard for months to make this happen. And I bet the Azure Sentinel didn't pick because Microsoft couldn't afford to keep the logs beyond 90 days (too expensive). Microsoft, stop selling your sub standard products. Instead of paying to Gartner to be in that top quadrant, focus on improving your product and customer experience. There is a reason, at 3columns we made a decision last year that we will not buy any sub standard Microsoft devices or operating system. Switching it to better and a bit more organised, stable and secure Apple device. #poorproduct #liars #cybersecurity #datasecurity #customerexperience #substandard

    Microsoft executive emails hacked by Russian intelligence group, company says cnbc.com


  • NonaSec

    387 followers


    Microsoft has provided a critical update regarding the sophisticated nation-state attack by "Midnight Blizzard," a Russian state-sponsored actor also known as NOBELIUM, initially detected on January 12, 2024. Here’s a brief overview of the situation and the steps Microsoft is taking to mitigate the threats:
    - Initial Breach Detection: On January 19, Microsoft disclosed that Midnight Blizzard compromised corporate email systems, targeting emails related to the threat actor itself, including communications between Microsoft and its customers.
    - Ongoing Investigation and Impact: Recent findings indicate that Midnight Blizzard has been leveraging stolen information to gain or attempt access to Microsoft’s source code repositories and internal systems. Despite these efforts, there's no evidence suggesting customer-facing systems were compromised.
    - Response Measures: Microsoft is actively reaching out to potentially affected customers, advising on mitigation strategies. The volume of attack tactics like password sprays has significantly increased, prompting Microsoft to bolster its defense mechanisms, security investments, and coordination across the enterprise.
    - Commitment to Transparency: Microsoft remains dedicated to responsible transparency, enhancing security controls, and sharing insights gained from their investigations to help the broader community combat such sophisticated threats.
    For a more detailed analysis of the breach and Microsoft’s response: https://lnkd.in/eDXVriM7 #nonasec #cybersecurity #microsoft #midnightblizzard #incident #passwordattacks #passwordspray #exfiltration #compromise

    Microsoft: Russians are using stolen information to breach company’s systems therecord.media
