Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack

Submitted ⁨⁨11⁩ ⁨months⁩ ago⁩ by ⁨BrikoX@lemmy.zip⁩ to ⁨technology@lemmy.zip⁩

https://www.bleepingcomputer.com/news/security/microsoft-still-unsure-how-hackers-stole-msa-key-in-2023-exchange-attack/

The U.S. Department of Homeland Security’s Cyber Safety Review Board (CSRB) has released a scathing report on how Microsoft handled its 2023 Exchange Online attack, warning that the company needs to do better at securing data and be more truthful about how threat actors stole an Azure signing key.

source

Comments

Sort:hotnew top

treadful@lemmy.zip ⁨11⁩ ⁨months⁩ ago

Creating the “Big Yellow Taxi” rule was possible because the U.S. State Department purchased a Microsoft 365 Government G5 license that comes with enhanced logging through the premium tier of Microsoft’s Purview Audit service.

Barf

source
- Kit@lemmy.blahaj.zone ⁨11⁩ ⁨months⁩ ago
  Whats barf worthy about that?
  
  source