this post was submitted on 03 Aug 2023
396 points (99.3% liked)

Technology

59317 readers
5904 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

There's been a string of security blunders in Azure in the last couple years but leaking a signing key and then trying to downplay it is really beyond the pale

you are viewing a single comment's thread
view the rest of the comments
[–] autotldr@lemmings.world 108 points 1 year ago (3 children)

This is the best summary I could come up with:


On July 12th, Microsoft disclosed a major breach targeting its Azure platform, which it traced to a Chinese hacking group known as Storm-0558.

Last week, Senator Ron Wyden (D-OR) sent a letter to the US Department of Justice, asking it hold Microsoft accountable for “negligent cybersecurity practices.”

Yoran has more to add to the senator’s arguments, writing in his post that Microsoft has demonstrated a “repeated pattern of negligent cybersecurity practices,” enabling Chinese hackers to spy on the US government.

Tenable initially discovered the flaw in March and found that it could give bad actors access to a company’s sensitive data, including a bank.

The security firm Wiz reported last week that the hack on Azure may have been more far-reaching than originally thought, although Microsoft has since disputed its findings.

Microsoft has been involved in numerous recent data breaches, including the infamous Solar Winds hack that affected agencies across the US government.


I'm a bot and I'm open source!