Microsoft has come under fire recently from both the U.S. government and rival companies for its failure to stop a Chinese hack of its systems last summer.
One change the tech giant is making in response: linking executive compensation more closely to cybersecurity. In April, a government review board described a hack of Microsoft last summer attributed to China as “preventable.” The U.S. Department of Homeland Security’s Cyber Safety Review Board pointed to “a cascade of errors” and a corporate culture at Microsoft “that deprioritized enterprise security investments and rigorous risk management.”
Read more…
Source: CNBC News
Related:
- Destructive malware targeting Ukrainian organizations
January 15, 2022
Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a destructive malware operation targeting multiple organizations in Ukraine. This malware first appeared on victim systems in Ukraine on January 13, 2022. Microsoft is aware of the ongoing geopolitical events in Ukraine and surrounding region and encourages organizations to use the information in this post to ...
- Microsoft starts 2022 with big bundle fixes for 96 security bugs in its software
January 12, 2022
The new year brings the same old chore of shoring up Microsoft software. For its first Patch Tuesday of 2022, Redmond has bestowed 96 new CVEs affecting its Windows products. If you include 24 Chromium CVEs published earlier this month and now addressed in Microsoft’s Edge browser, in addition to two CVEs in open source projects ...
- noPac Exploit: Latest Microsoft AD Flaw May Lead to Total Domain Compromise in Seconds
January 11, 2022
Microsoft recently published two critical CVEs related to Active Directory (CVE-2021-42278 and CVE-2021-42287), which when combined by a malicious actor could lead to privilege escalation with a direct path to a compromised domain. In mid-December 2021, a public exploit that combined these two Microsoft Active Directory design flaws (referred also as “noPac”) was released. The exploit ...
- Microsoft informs customers of ‘NotLegit’ Azure bug
December 23, 2021
Microsoft’s Security Response Center has released a blog post explaining its response to the “NotLegit” bug in Azure that was discovered by cloud security company Wiz. Wiz said all PHP, Node, Ruby, and Python applications that were deployed using “Local Git” on a clean default application in Azure App Service since September 2017 are affected. They ...
- Microsoft Teams bug allowing phishing unpatched since March
December 22, 2021
Microsoft said it won’t fix or is delaying patches for several security flaws impacting Microsoft Teams’ link preview feature reported since March 2021. German IT security consultancy firm Positive Security’s co-founder Fabian Bräunlein discovered four vulnerabilities leading to Server-Side Request Forgery (SSRF), URL preview spoofing, IP address leak (Android), and denial of service (DoS) dubbed Message ...
- Actively Exploited Microsoft Zero-Day Allows App Spoofing, Malware Delivery
December 14, 2021
Microsoft has addressed a zero-day vulnerability that was exploited in the wild to deliver Emotet, Trickbot and more in the form of fake applications. The patch came as part of the computing giant’s December Patch Tuesday update, which included a total of 67 fixes for security vulnerabilities. The patches cover the waterfront of Microsoft’s portfolio, affecting ...