* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, June 26, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    George Lopez is coming to Spokane – KXLY.com

    George Lopez is coming to Spokane – KXLY.com

    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    Safety concerns in Deep Ellum create apprehension as the entertainment district gains visitors – CBS News

    Safety Concerns Surge Amid Deep Ellum’s Booming Popularity and Growing Crowds

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Frontdoor Announces Tech Expert Dr. Bala Ganesh as Chief Technology Officer – Business Wire

    Frontdoor Appoints Tech Visionary Dr. Bala Ganesh as New Chief Technology Officer

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    China’s Military Introduces Mosquito-Sized Drones: A Game-Changing Surveillance Technology – Indian Defence Review

    China Unveils Mosquito-Sized Drones: Revolutionizing Surveillance Technology

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Promising Technology Stocks To Follow Today – June 22nd – MarketBeat

    Top Technology Stocks to Watch Today – June 22nd

    Technology Convergence Report 2025 – The World Economic Forum

    Technology Convergence Report 2025 – The World Economic Forum

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    George Lopez is coming to Spokane – KXLY.com

    George Lopez is coming to Spokane – KXLY.com

    Netflix unveils Dallas immersive venue for fans of hit shows like ‘Squid Game,’ ‘Stranger Things’ – Houston Chronicle

    Step Inside Netflix’s New Dallas Immersive Experience Featuring Hits Like ‘Squid Game’ and ‘Stranger Things

    ‘Puttin’ on the Ritz’: Civic Players bring ‘Young Frankenstein’ to life – Yahoo

    Civic Players Deliver a Hilarious and Unforgettable Performance of ‘Young Frankenstein

    ‘Wheel of Fortune’: Amputee Wins $60,000 After Breaking Incredible ‘Curse’ – Hastings Tribune

    Wheel of Fortune’ Amputee Breaks Incredible ‘Curse’ to Win $60,000!

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    North Star Sports & Entertainment Network: Coming soon – KTTC News

    Safety concerns in Deep Ellum create apprehension as the entertainment district gains visitors – CBS News

    Safety Concerns Surge Amid Deep Ellum’s Booming Popularity and Growing Crowds

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Frontdoor Announces Tech Expert Dr. Bala Ganesh as Chief Technology Officer – Business Wire

    Frontdoor Appoints Tech Visionary Dr. Bala Ganesh as New Chief Technology Officer

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    Defense technology giant Northrop Grumman to host interviews in Iuka to fill technician roles – supertalk.fm

    China’s Military Introduces Mosquito-Sized Drones: A Game-Changing Surveillance Technology – Indian Defence Review

    China Unveils Mosquito-Sized Drones: Revolutionizing Surveillance Technology

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Marvell Technology Stock Rallies After AI Event Sparks Investor Optimism – Yahoo Finance

    Promising Technology Stocks To Follow Today – June 22nd – MarketBeat

    Top Technology Stocks to Watch Today – June 22nd

    Technology Convergence Report 2025 – The World Economic Forum

    Technology Convergence Report 2025 – The World Economic Forum

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Microsoft attacked over ‘grossly irresponsible’ security practice

August 4, 2023
in Technology
Microsoft attacked over ‘grossly irresponsible’ security practice
Share on FacebookShare on Twitter

The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’

Alex Scroxton

By

Alex Scroxton,
Security Editor

Published: 03 Aug 2023 11:58

Tenable’s CEO and former national cyber security director to the George W Bush administration, Amit Yoran, has hit out at Microsoft and accused the software giant of deliberately putting its customers’ security at risk by keeping them in the dark over the risks and vulnerabilities they face.

Yoran launched his attack after Tenable revealed the existence of a zero-day vulnerability in Microsoft Azure that, left unpatched, would enable limited, unauthorised access to cross-tenant applications and sensitive details – including, though not limited to, authentication secrets. He said Tenable customers – including an unnamed retail bank – are at this moment vulnerable to it.

He said Tenable had taken this issue to Microsoft at the end of March, but it had taken over three months for Redmond to issue a fix that turned out to be incomplete, and it would take until the end of September for the revised patch to be issued.

“Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers’ networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service,” said Yoran.

“That means that as of today, the bank … is still vulnerable, more than 120 days since we reported the issue, as are all of the other organisations that had launched the service prior to the fix. And, to the best of our knowledge, they still have no idea they are at risk and therefore can’t make an informed decision about compensating controls and other risk mitigating actions.

“Microsoft claims that they will fix the issue by the end of September, four months after we notified them. That’s grossly irresponsible, if not blatantly negligent. We know about the issue, Microsoft knows about the issue, and hopefully threat actors don’t,” he said.

Yoran said the so-called shared responsibility model of cyber security espoused by public cloud providers, including Microsoft, was irretrievably broken if a provider fails to notify users of issues as they arise and apply fixes openly.

He argued that Microsoft was quick to ask for its users’ trust and confidence, but in return they get “very little transparency and a culture of toxic obfuscation”.

“How can a CISO, board of directors or executive team believe that Microsoft will do the right thing given the fact patterns and current behaviours? Microsoft’s track record puts us all at risk. And it’s even worse than we thought,” said Yoran.

“Microsoft’s lack of transparency applies to breaches, irresponsible security practices and to vulnerabilities, all of which expose their customers to risks they are deliberately kept in the dark about,” he added.

A Microsoft spokesperson said: “We appreciate the collaboration with the security community to responsibly disclose product issues. We follow an extensive process involving a thorough investigation, update development for all versions of affected products, and compatibility testing among other operating systems and applications.

“Microsoft’s lack of transparency applies to breaches, irresponsible security practices and to vulnerabilities, all of which expose their customers to risks they are deliberately kept in the dark about”

Amit Yoran, Tenable

“Ultimately, developing a security update is a delicate balance between timeliness and quality, while ensuring maximised customer protection with minimised customer disruption,” they said.

Computer Weekly understands that the initial fix issued by Microsoft did mitigate the impact of the vulnerability for the vast majority of Azure users, and that the issue has since been fully addressed for all customers who should need to take no further action.

Questions to be answered

Yoran’s diatribe comes as Microsoft faces pressure in the US over its 13 July disclosure that an advanced persistent threat (APT) actor, tracked as Storm-0558 and backed by the Chinese government, had hacked into email accounts at multiple US government agencies using forged authentication tokens via an acquired Microsoft account consumer signing key.

Among those understood to have had their email accounts compromised were Gina Raimondo, the US secretary of commerce, and Nicholas Burns, the US ambassador to China.

At the time, Microsoft took the unusual step of issuing something of a mea culpa, as executive vice-president of security Charlie Bell put it, “the accountability starts right here at Microsoft”.

The attack has understandably not gone over well in Washington DC, and later in July, a group of cross-party US senators, including Tim Kaine, who was Hilary Clinton’s running mate in the hacking-affected 2016 presidential election, wrote to US state department CIO Kelly Fletcher to demand more information on the circumstances surrounding it and establish what actually happened.

Separately, Oregon senator Ron Wyden has written to attorney general Merrick Garland, Federal Trade Commission (FTC) chair Lina Khan, and CISA director Jen Easterly to request the government “take action to hold Microsoft responsible for its negligent security practices, which enabled a successful Chinese espionage campaign against the United States government”.

Read more on Security policy and user awareness


Infosec experts divided on SEC four-day reporting rule

ArielleWaldman

By: Arielle Waldman


Tenable shifts focus, launches exposure management platform

ArielleWaldman

By: Arielle Waldman


Google patches yet another Chrome zero-day vulnerability

ShaunNichols

By: Shaun Nichols


4 critical flaws among 84 fixes in July Patch Tuesday

ShaunNichols

By: Shaun Nichols

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366546833/Microsoft-attacked-over-grossly-irresponsible-security-practice

Tags: attackedMicrosofttechnology
Previous Post

Brave’s privacy-focused search engine can now find images and videos

Next Post

UK government recruits panel to focus on semiconductors

House panel wrangles on rail safety technology – FreightWaves

House Panel Sparks Debate Over the Future of Rail Safety Technology

June 26, 2025
The Desert Sun unveils its Top Spring Athletes: History-makers and record-breakers – The Desert Sun

Meet This Spring’s Top Athletes: History-Makers and Record-Breakers Revealed!

June 26, 2025
HUD to move into the National Science Foundation headquarters, no current plan on where to relocate NSF employees – Government Executive

HUD to move into the National Science Foundation headquarters, no current plan on where to relocate NSF employees – Government Executive

June 25, 2025

Protecting the Boundless Future of U.S. Science: Tackling Tomorrow’s Challenges Today

June 25, 2025
LVMH’s Paris Olympics partnership wins Luxury and Lifestyle Grand Prix – Ad Age

LVMH Shines Bright with Luxury and Lifestyle Victory at Paris Olympics Partnership

June 25, 2025
Why the Strait of Hormuz, A Vital Oil Route, Is Vulnerable to Israel-Iran Conflict – The New York Times

Why the Strait of Hormuz, A Vital Oil Route, Is Vulnerable to Israel-Iran Conflict – The New York Times

June 25, 2025
Dying honey bees are threatening California’s economy. Can Central Valley lawmakers save them? – CalMatters

Dying honey bees are threatening California’s economy. Can Central Valley lawmakers save them? – CalMatters

June 25, 2025
Butler launches sports, entertainment institute focused on local events – Inside INdiana Business

Butler Launches Exciting New Sports and Entertainment Institute Spotlighting Local Events

June 25, 2025
Expert panel picked by RFK Jr. will scrutinize the vaccine schedule for kids – NPR

Expert panel picked by RFK Jr. will scrutinize the vaccine schedule for kids – NPR

June 25, 2025
What Is a Democratic Socialist? – The New York Times

What Is a Democratic Socialist? – The New York Times

June 25, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (698)
  • Economy (717)
  • Entertainment (21,612)
  • General (15,566)
  • Health (9,756)
  • Lifestyle (722)
  • News (22,149)
  • People (719)
  • Politics (724)
  • Science (15,935)
  • Sports (21,214)
  • Technology (15,702)
  • World (697)

Recent News

House panel wrangles on rail safety technology – FreightWaves

House Panel Sparks Debate Over the Future of Rail Safety Technology

June 26, 2025
The Desert Sun unveils its Top Spring Athletes: History-makers and record-breakers – The Desert Sun

Meet This Spring’s Top Athletes: History-Makers and Record-Breakers Revealed!

June 26, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version