Microsoft criticized for irresponsible and negligent cybersecurity practices
Microsoft recently disclosed a massive breach on its Azure platform, affecting around 25 organizations and traced back to the Chinese hacking group Storm-0558. The attack resulted in the theft of sensitive emails from US government officials. Now, Amit Yoran, CEO of cybersecurity firm Tenable, has criticized Microsoft for a "repeated pattern of negligent cybersecurity practices" that allowed Chinese hackers to spy on the US government.
Tenable had discovered another flaw in Azure
Yoran took to LinkedIn to unleash a scathing attack on Microsoft. Back in March, Tenable had also discovered a significant flaw in Microsoft Azure that could grant bad actors access to sensitive data, including bank information. Yoran claims Microsoft took over 90 days to implement a partial fix after being notified. He added that the fix only applies to new applications.
Microsoft products account for 42.5% of zero-day vulnerabilities since 2014
Yoran states that organizations that were using the service before the fix are still at risk and likely unaware. Microsoft plans to resolve the issue by the end of September, but Yoran calls this delay "grossly irresponsible, if not blatantly negligent." He also cited data from Google's Project Zero, showing that Microsoft products account for 42.5% of all discovered zero-day vulnerabilities since 2014.