* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Thursday, June 5, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Fox News Entertainment Newsletter: Celebrities mentioned during Diddy’s high-profile sex trafficking trial – Fox News

    Fox News Entertainment Newsletter: Celebrities mentioned during Diddy’s high-profile sex trafficking trial – Fox News

    ‘Sinners,’ starring Michael B. Jordan, is now streaming on Prime Video – About Amazon

    Experience the Thrills of ‘Sinners’ Starring Michael B. Jordan – Now Streaming on Prime Video!

    California Mid-State Fair announces entertainment lineups for Frontier and Mission stages – KSBY News

    Exciting Entertainment Lineup Unveiled for California Mid-State Fair’s Frontier and Mission Stages!

    Spotify & OpenAI: Will Gen AI ‘Hollow Out’ Entertainment? – Technology Magazine

    Will Generative AI Transform the Future of Entertainment

    Author Richard Russo Will Speak At Sandwich Town Hall – CapeNews.net

    Join Us for an Inspiring Evening with Author Richard Russo at Sandwich Town Hall!

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Domo to Participate in the D.A. Davidson Technology Summit – Business Wire

    Domo Set to Shine at the D.A. Davidson Technology Summit!

    When fiction becomes fact: 3 pieces of modern technology inspired by Star Trek – Redshirts Always Die

    From Screen to Reality: 3 Modern Technologies Inspired by Star Trek

    The Isfahan Center for Nuclear Technology – UCF, ZPP, and IRR10 – Alma Research and Education Center

    Exploring the Isfahan Center for Nuclear Technology: Innovations and Insights from UCF, ZPP, and IRR10

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    AI for lawyers: Win back your time using technology – nationaljurist.com

    Reclaim Your Time: How AI is Transforming the Legal Profession

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Fox News Entertainment Newsletter: Celebrities mentioned during Diddy’s high-profile sex trafficking trial – Fox News

    Fox News Entertainment Newsletter: Celebrities mentioned during Diddy’s high-profile sex trafficking trial – Fox News

    ‘Sinners,’ starring Michael B. Jordan, is now streaming on Prime Video – About Amazon

    Experience the Thrills of ‘Sinners’ Starring Michael B. Jordan – Now Streaming on Prime Video!

    California Mid-State Fair announces entertainment lineups for Frontier and Mission stages – KSBY News

    Exciting Entertainment Lineup Unveiled for California Mid-State Fair’s Frontier and Mission Stages!

    Spotify & OpenAI: Will Gen AI ‘Hollow Out’ Entertainment? – Technology Magazine

    Will Generative AI Transform the Future of Entertainment

    Author Richard Russo Will Speak At Sandwich Town Hall – CapeNews.net

    Join Us for an Inspiring Evening with Author Richard Russo at Sandwich Town Hall!

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

    Entertainment Partners Acquires CASHét, Digital Payments Vendor for Productions – Variety

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Domo to Participate in the D.A. Davidson Technology Summit – Business Wire

    Domo Set to Shine at the D.A. Davidson Technology Summit!

    When fiction becomes fact: 3 pieces of modern technology inspired by Star Trek – Redshirts Always Die

    From Screen to Reality: 3 Modern Technologies Inspired by Star Trek

    The Isfahan Center for Nuclear Technology – UCF, ZPP, and IRR10 – Alma Research and Education Center

    Exploring the Isfahan Center for Nuclear Technology: Innovations and Insights from UCF, ZPP, and IRR10

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Inside the tedious effort to tally AI’s energy appetite – MIT Technology Review

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    Finland Set to Lead EU Quantum Technology Defense Project – IoT World Today

    AI for lawyers: Win back your time using technology – nationaljurist.com

    Reclaim Your Time: How AI is Transforming the Legal Profession

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Microsoft attacked over ‘grossly irresponsible’ security practice

August 4, 2023
in Technology
Microsoft attacked over ‘grossly irresponsible’ security practice
Share on FacebookShare on Twitter

The CEO of Tenable has launched a scathing attack on Microsoft, asserting that the organisation is deliberately keeping its Azure cloud customers in the dark about dangerous vulnerabilities and accusing it of a culture of ‘toxic obfuscation’

Alex Scroxton

By

Alex Scroxton,
Security Editor

Published: 03 Aug 2023 11:58

Tenable’s CEO and former national cyber security director to the George W Bush administration, Amit Yoran, has hit out at Microsoft and accused the software giant of deliberately putting its customers’ security at risk by keeping them in the dark over the risks and vulnerabilities they face.

Yoran launched his attack after Tenable revealed the existence of a zero-day vulnerability in Microsoft Azure that, left unpatched, would enable limited, unauthorised access to cross-tenant applications and sensitive details – including, though not limited to, authentication secrets. He said Tenable customers – including an unnamed retail bank – are at this moment vulnerable to it.

He said Tenable had taken this issue to Microsoft at the end of March, but it had taken over three months for Redmond to issue a fix that turned out to be incomplete, and it would take until the end of September for the revised patch to be issued.

“Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers’ networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service,” said Yoran.

“That means that as of today, the bank … is still vulnerable, more than 120 days since we reported the issue, as are all of the other organisations that had launched the service prior to the fix. And, to the best of our knowledge, they still have no idea they are at risk and therefore can’t make an informed decision about compensating controls and other risk mitigating actions.

“Microsoft claims that they will fix the issue by the end of September, four months after we notified them. That’s grossly irresponsible, if not blatantly negligent. We know about the issue, Microsoft knows about the issue, and hopefully threat actors don’t,” he said.

Yoran said the so-called shared responsibility model of cyber security espoused by public cloud providers, including Microsoft, was irretrievably broken if a provider fails to notify users of issues as they arise and apply fixes openly.

He argued that Microsoft was quick to ask for its users’ trust and confidence, but in return they get “very little transparency and a culture of toxic obfuscation”.

“How can a CISO, board of directors or executive team believe that Microsoft will do the right thing given the fact patterns and current behaviours? Microsoft’s track record puts us all at risk. And it’s even worse than we thought,” said Yoran.

“Microsoft’s lack of transparency applies to breaches, irresponsible security practices and to vulnerabilities, all of which expose their customers to risks they are deliberately kept in the dark about,” he added.

A Microsoft spokesperson said: “We appreciate the collaboration with the security community to responsibly disclose product issues. We follow an extensive process involving a thorough investigation, update development for all versions of affected products, and compatibility testing among other operating systems and applications.

“Microsoft’s lack of transparency applies to breaches, irresponsible security practices and to vulnerabilities, all of which expose their customers to risks they are deliberately kept in the dark about”

Amit Yoran, Tenable

“Ultimately, developing a security update is a delicate balance between timeliness and quality, while ensuring maximised customer protection with minimised customer disruption,” they said.

Computer Weekly understands that the initial fix issued by Microsoft did mitigate the impact of the vulnerability for the vast majority of Azure users, and that the issue has since been fully addressed for all customers who should need to take no further action.

Questions to be answered

Yoran’s diatribe comes as Microsoft faces pressure in the US over its 13 July disclosure that an advanced persistent threat (APT) actor, tracked as Storm-0558 and backed by the Chinese government, had hacked into email accounts at multiple US government agencies using forged authentication tokens via an acquired Microsoft account consumer signing key.

Among those understood to have had their email accounts compromised were Gina Raimondo, the US secretary of commerce, and Nicholas Burns, the US ambassador to China.

At the time, Microsoft took the unusual step of issuing something of a mea culpa, as executive vice-president of security Charlie Bell put it, “the accountability starts right here at Microsoft”.

The attack has understandably not gone over well in Washington DC, and later in July, a group of cross-party US senators, including Tim Kaine, who was Hilary Clinton’s running mate in the hacking-affected 2016 presidential election, wrote to US state department CIO Kelly Fletcher to demand more information on the circumstances surrounding it and establish what actually happened.

Separately, Oregon senator Ron Wyden has written to attorney general Merrick Garland, Federal Trade Commission (FTC) chair Lina Khan, and CISA director Jen Easterly to request the government “take action to hold Microsoft responsible for its negligent security practices, which enabled a successful Chinese espionage campaign against the United States government”.

Read more on Security policy and user awareness


Infosec experts divided on SEC four-day reporting rule

ArielleWaldman

By: Arielle Waldman


Tenable shifts focus, launches exposure management platform

ArielleWaldman

By: Arielle Waldman


Google patches yet another Chrome zero-day vulnerability

ShaunNichols

By: Shaun Nichols


4 critical flaws among 84 fixes in July Patch Tuesday

ShaunNichols

By: Shaun Nichols

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : Computer Weekly – https://www.computerweekly.com/news/366546833/Microsoft-attacked-over-grossly-irresponsible-security-practice

Tags: attackedMicrosofttechnology
Previous Post

Brave’s privacy-focused search engine can now find images and videos

Next Post

UK government recruits panel to focus on semiconductors

Art meets ecology in the outback – UNSW Sydney

Where Art and Ecology Converge: A Journey Through the Outback

June 5, 2025
Tall ship brings ESA ocean science training to Nice – European Space Agency

Set Sail for Science: Tall Ship Anchors Ocean Research Training in Nice!

June 5, 2025
Immigration Research Shows Stephen Miller Wrong About American Science – Forbes

Debunking Stephen Miller: The Truth About Immigration’s Impact on American Science

June 5, 2025
Can Lifestyle Changes Save Lives in Colon Cancer? – Medscape

Transform Your Health: How Lifestyle Changes Can Combat Colon Cancer

June 5, 2025
Black-hole scattering calculations could shed light on gravitational waves – Physics World

Unlocking the Secrets of Gravitational Waves: The Role of Black-Hole Scattering Calculations

June 5, 2025
Fed: The Economy Is Slowing As ‘Companies Can’t Figure Out the Rules of This Tariff Game’ – Investopedia

Fed Signals Economic Slowdown: Companies Struggle to Navigate the Tariff Maze

June 5, 2025
Fox News Entertainment Newsletter: Celebrities mentioned during Diddy’s high-profile sex trafficking trial – Fox News

Fox News Entertainment Newsletter: Celebrities mentioned during Diddy’s high-profile sex trafficking trial – Fox News

June 5, 2025
Axxam and Molecular Health link on therapeutic target identification – Pharmaceutical Technology

Unlocking New Possibilities: Axxam and Molecular Health Collaborate on Innovative Therapeutic Target Identification

June 5, 2025
Opinion | The Right Is Getting Even More Regressive on Gender – The New York Times

Opinion | The Right Is Getting Even More Regressive on Gender – The New York Times

June 5, 2025
Capsol Technologies ASA: Two US engineering studies awarded – mature pipeline projects advancing – Cision News

Capsol Technologies ASA Secures Two Major US Engineering Studies, Advancing Promising Pipeline Projects!

June 5, 2025

Categories

Archives

June 2025
MTWTFSS
 1
2345678
9101112131415
16171819202122
23242526272829
30 
« May    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (668)
  • Economy (682)
  • Entertainment (21,588)
  • General (15,264)
  • Health (9,724)
  • Lifestyle (685)
  • News (22,149)
  • People (683)
  • Politics (691)
  • Science (15,901)
  • Sports (21,186)
  • Technology (15,667)
  • World (668)

Recent News

Art meets ecology in the outback – UNSW Sydney

Where Art and Ecology Converge: A Journey Through the Outback

June 5, 2025
Tall ship brings ESA ocean science training to Nice – European Space Agency

Set Sail for Science: Tall Ship Anchors Ocean Research Training in Nice!

June 5, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version