Microsoft ties executive pay to security following a number of failures and breaches

A PC running Windows 11. (credit: Microsoft)

It has been a bad couple of years for Microsoft’s security and privacy efforts. Misconfigured endpoints, rogue security certificates, and weak passwords have all caused or risked the exposure of sensitive data, and Microsoft has been criticized by security researchers, US lawmakers, and regulatory agencies for how it has responded to and disclosed these threats.

The most high-profile of these breaches involved a China-based hacking group named Storm-0558, which breached Microsoft’s Azure service and collected data for over a month in mid-2023 before being discovered and driven out. After months of ambiguity, Microsoft disclosed that a series of security failures gave Storm-0558 access to an engineer’s account, which allowed Storm-0558 to collect data from 25 of Microsoft’s Azure customers, including US federal agencies.

In January, Microsoft disclosed that it had been breached again, this time by Russian state-sponsored hacking group Midnight Blizzard. The group was able “to compromise a legacy non-production test tenant account” to gain access to Microsoft’s systems for “as long as two months.”
