Microsoft is facing harsh criticism of its cloud services. Another expert accuses the company of serious neglect of data security, which lets hackers steal data freely.
Amit Yoran, president of the security company Tenable, spoke harshly about negligence in the security of Microsoft Azure cloud services. According to the expert, the corporation displays “gross irresponsibility” and, in addition, cultivates a “culture of toxic withholding” of information.
Vulnerability in Microsoft services – the company delays for months
Tenable experts discovered a huge vulnerability in the Azure cloud back in March 2023. They waited several months for a fix and finally disclosed the vulnerability publicly on Monday, July 31. Public disclosure usually motivates companies to fix a security problem as soon as possible.
Since then, the Redmond giant has still not done anything to patch a very serious problem. This prompted the latest public reprimand from Tenable's CEO.
“If you want to know how big that is, it’s a mistake. Our team very quickly discovered many secrets of the authentication system of one of the banks. Our employees were so concerned that we immediately informed Microsoft. Did the company fix the bugs? Of course not. After more than 90 days, a partial fix was implemented. This has closed the gap in only a few applications” – thunders Yoran.
Microsoft fell victim to Chinese hackers
Recently, US Senator Ron Wyden also reprimanded Microsoft for “negligence in cybersecurity.” This time the criticism concerned a huge attack in which hackers obtained a large amount of confidential data belonging to the US authorities.
A Chinese group known for international espionage gained access to government email accounts. The attack was reportedly highly advanced and involved many units within the US administration.
Microsoft specialists took up the case and indicated that the compromise of the system went unnoticed for about a month. The same cybercriminals allegedly hijacked email accounts associated with 25 organizations, including US government agencies.
As experts add, the hackers did not attack indiscriminately but targeted specific accounts belonging to officials. They did so using forged access tokens that they had created themselves. The tokens were used to exploit a bug in Microsoft’s cloud infrastructure security.