Thursday, February 25, 2021 5:06:41 PM
By: Joseph Menn | February 25, 2021
SAN FRANCISCO (Reuters) - Microsoft Corp (NASDAQ:MSFT)'s failure to fix known problems with its cloud software facilitated the massive SolarWinds hack that compromised at least nine federal government agencies, according to security experts and the office of U.S. Senator Ron Wyden.
A vulnerability first publicly revealed by researchers in 2017 allows hackers to fake the identity of authorized employees to gain access to customers' cloud services. The technique was one of many used in the SolarWinds hack.
Wyden, who has faulted tech companies on security and privacy issues as a member of the Senate Intelligence Committee, blasted Microsoft for not doing more to prevent forged identities or warn customers about it.
“The federal government spends billions on Microsoft software,” Wyden told Reuters ahead of a SolarWinds hearing on Friday in the House of Representatives.
“It should be cautious about spending any more before we find out why the company didn't warn the government about the hacking technique that the Russians used, which Microsoft had known about since at least 2017,” he said.
Microsoft President Brad Smith will testify on Friday before the House committee investigating the SolarWinds hacks.
U.S. officials have blamed Russia for the massive intelligence operation that penetrated SolarWinds, which makes software to manage networks, as well as Microsoft and others, to steal data from multiple governments and about 100 companies. Russia denies responsibility.
Microsoft disputed Wyden's conclusions, telling Reuters that the design of its identity services was not at fault.
In a response to Wyden's written questions on Feb. 10, a Microsoft lobbyist said the identity trick, known as Golden SAML, “had never been used in an actual attack” and “was not prioritized by the intelligence community as a risk, nor was it flagged by civilian agencies.”
But in a public advisory after the SolarWinds hack, on Dec. 17, the National Security Agency called for closer monitoring of identity services, noting, “This SAML forgery technique has been known and used by cyber actors since at least 2017.”
In response to additional questions from Wyden this week, Microsoft acknowledged its programs were not set up to detect the theft of identity tools for granting cloud access.
Trey Herr, director of the Cyber Statecraft Initiative at the Atlantic Council, said the failure showed cloud security risks should be a higher priority.
The hackers’ sophisticated abuse of identities “exposes a concerning weakness in how cloud computing giants invest in security, perhaps failing to adequately mitigate the risk of high impact, low probability failures in systems at the root of their security model,” Herr said.
In congressional testimony on Tuesday, Microsoft's Smith said that only about 15% of the victims in the SolarWinds campaign were hurt via Golden SAML. Even in those cases the hackers had to have already gained access to systems before deploying the method.
But Wyden's staff said one of those victims was the U.S. Treasury, which lost emails from dozens of officials.
DiscoverGold
Information posted to this board is not meant to suggest any specific action, but to point out the technical signs that can help our readers make their own specific decisions. Caveat emptor!