Has Microsoft cut security corners once too often?


As Microsoft revealed tidbits of its post-mortem investigation into a Chinese attack against US government agencies via Microsoft, two details stand out: the company violated its own policy and did not store security keys within a Hardware Security Module (HSM) — and the keys were successfully used by attackers even though they had expired years earlier. 

This is simply the latest example of Microsoft quietly cutting corners on cybersecurity and then only telling anyone when it gets caught. 

Previous Story

2022 Top Routinely Exploited Vulnerabilities

Next Story

Precision Anesthesia Billing, LLC Files Notice of Data Breach Affecting Over 209k Individuals