Microsoft has come under fire recently from both the U.S. government and rival companies for its failure to stop a Chinese hack of its systems last summer.
One change the tech giant is making in response: linking executive compensation more closely to cybersecurity. In April, a government review board described a hack of Microsoft last summer attributed to China as “preventable.” The U.S. Department of Homeland Security’s Cyber Safety Review Board pointed to “a cascade of errors” and a corporate culture at Microsoft “that deprioritized enterprise security investments and rigorous risk management.”
Source: CNBC News
Related:
- Zero-day vuln in Microsoft Office: ‘Follina’ will work even when macros are disabled
May 30, 2022
Infosec researchers have identified a zero-day code execution vulnerability in Microsoft’s ubiquitous Office software. Dubbed “Follina”, the vulnerability has been floating around for a while (cybersecurity researcher Kevin Beaumont traced it back to a report made to Microsoft on April 12) and uses Office functionality to retrieve an HTML file which in turn makes use of ...
- Fake Windows exploits target infosec community with Cobalt Strike
May 24, 2022
A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. Whoever is behind these attacks took advantage of recently patched Windows remote code execution vulnerabilities tracked as CVE-2022-24500 and CVE-2022-26809. When Microsoft patches a vulnerability, it is common for security researchers to analyze the fix and release proof-of-concept ...
- PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
May 22, 2022
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. The choice of PDFs is unusual, as most malicious emails today arrive with DOCX or XLS attachments laced with malware-loading macro code. However, as people become more educated about opening malicious Microsoft Office attachments, threat ...
- Microsoft patches the patch that broke Windows authentication
May 20, 2022
Microsoft has released an out-of-band patch to deal with an authentication issue that was introduced in the May 10 Windows update. Elizabeth Tyler, cyber security consultant on Microsoft’s Detection and Response Team, confirmed the fix to worried administrators early this morning. Multiple administrators complained last week that after installing the May 10 patch, they experienced authentication failures ...
- Microsoft: May Windows updates cause AD authentication failures
May 12, 2022
Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. This comes after Windows admins started sharing reports of some policies failing after installing this month’s security updates with “Authentication failed due to a user credentials mismatch. Either the user name provided does ...
- Microsoft closes Windows LSA hole under active attack
May 11, 2022
Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That’s seven critical bugs, 66 deemed important, and one ranked low severity. At least one of the vulnerabilities disclosed is under active attack with public exploit code, according to Redmond, while two others are listed as having public exploit code. After April’s astonishing 100-plus ...

