Congress grills Microsoft president over security failures

Microsoft President Brad Smith addressed Microsoft’s recent security shortfalls during a House Committee on Homeland Security hearing Thursday.
The hearing, titled “A Cascade of Security Failures: Assessing Microsoft Corporation’s Cybersecurity Shortfalls and the Implications for Homeland Security,” focused primarily on claims found in April’s Cyber Safety Review Board (CSRB) report. The report found that a “cascade” of errors led to a Chinese nation-state threat actor tracked as Storm-0558 breaching email accounts at 22 organizations last year, including some federal agencies.

The threat actors accessed accounts using Outlook Web Access in Exchange Online and by forging authentication tokens with a stolen Microsoft account (MSA) signing key. A Federal Civilian Executive Branch agency detected suspicious activity in its Microsoft 365 environment a month before disclosure, and the breach was only detected because government 365 licenses include enhanced cloud logging fea …
