Microsoft accused of 'negligent cybersecurity practices' that 'enabled Chinese espionage against the US government'
After Microsoft admitted its Azure platform had been breached by Chinese hacking group Storm-0558, chairman and CEO of network security giant Tenable, Amit Yoran, took to Microsoft-owned social platform LinkedIn to air his grievances against Microsoft's security practices.
Citing a letter sent by US Senator Ron Wyden to the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice (DoJ), and the Federal Trade Commission (FTC) recently, Yoran calls for Microsoft to answer for the «lack of transparency» and a «repeated pattern of negligent cybersecurity practices, which has enabled Chinese espionage against the United States government» (via The Verge).
That's quite the accusation, and the Google Project Zero numbers seem to add insult to injury, as Yoran notes «Microsoft products have accounted for an aggregate 42.5% of all zero days discovered since 2014».
Yoran's main argument centres around the Azure hack. He says members of Tenable's research team had been previously checking out any potential Azure security issues, only to quickly gain access to some pretty sensitive bank authentication details.
His team notified Microsoft as soon as they realised the severity of the issue, and Yoran is pretty upset with the seemingly blasé attitude taken over the matter.
Best CPU for gaming: The top chips from Intel and AMDBest gaming motherboard: The right boardsBest graphics card: Your perfect pixel-pusher awaitsBest SSD for gaming: Get into the game ahead of the rest
«Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers' networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the
Read more on pcgamer.com
