TeamDML offers insights, opinions, podcasts, videos and other forms of content intended to educate and better explain trending news that is made available to the public by third parties. In this particular case, we refer to an excerpt from NBCNews.com:
In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.
The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company’s knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China.
It concluded that “Microsoft’s security culture was inadequate and requires an overhaul” given the company’s ubiquity and critical role in the global technology ecosystem. Microsoft products “underpin essential services that support national security, the foundations of our economy, and public health and safety.”
The review board said Microsoft “still doesn’t know how the hackers got in.” The intrusion, which reportedly dated back to May of last year, was discovered by the State Department in June. The review board blamed it on “a cascade of avoidable errors.”
Below is an excerpt from a press release on the DHS website:
The CSRB’s review found that the intrusion by Storm-0558, a hacking group assessed to be affiliated with the People’s Republic of China, was preventable. It identified a series of Microsoft operational and strategic decisions that collectively pointed to a corporate culture that deprioritized enterprise security investments and rigorous risk management, at odds with the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations. The Board recommends that Microsoft develop and publicly share a plan with specific timelines to make fundamental, security-focused reforms across the company and its suite of products. Microsoft fully cooperated with the Board’s review.
Today the Cyber Safety Review Board released its independent review of the Summer 2023 Microsoft Exchange Online intrusion laying out what led to the intrusion & what industry & gov’t can do to ensure an intrusion at this magnitude does not happen again. https://t.co/pf5Vx2kuuo pic.twitter.com/dAsDY7HFxv
— Cybersecurity and Infrastructure Security Agency (@CISAgov) April 2, 2024
Today, DHS released the Cyber Safety Review Board’s (CSRB) report summarizing the findings of its review into attacks associated with the 2023 Microsoft Exchange Online intrusion. Learn more herehttps://t.co/FpELjMUXSf
— Under Secretary Rob Silvers (@DHS_Policy) April 3, 2024
A Biden administration-appointed review board issued a report saying “a cascade of errors” by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials. https://t.co/pqEubmoOAI
— NBC News World (@NBCNewsWorld) April 3, 2024
To get more information about this article, please visit NBCNews.com. To weigh in, leave a comment below.
The post REPORT: Scathing federal report rips Microsoft over Chinese hack of US officials’ emails appeared first on Dennis Michael Lynch.
Click this link for the original source of this article.
Author: Online
This content is courtesy of, and owned and copyrighted by, https://dennismichaellynch.com and its author. This content is made available by use of the public RSS feed offered by the host site and is used for educational purposes only. If you are the author or represent the host site and would like this content removed now and in the future, please contact USSANews.com using the email address in the Contact page found in the website menu.