Encircle News!

Retro Game Arcade
, , , , , , , ,

US cyber board to investigate Microsoft hack of government emails

Zack Whittaker

A U.S. review board tasked with investigating major cybersecurity incidents said it will begin looking at the recent intrusion of U.S. government email systems provided by Microsoft, whose handling of the incident drew ire and scrutiny from federal lawmakers and the wider security community.

The Cyber Security Review Board, or CSRB, said Friday that its latest investigation will include a “broader review of issues relating to cloud-based identity and authentication infrastructure.”

The board said it began considering an investigation after learning of the Microsoft cloud breach, which saw China state-backed hackers break into government email accounts, including the inbox of U.S. Commerce Secretary Gina Raimondo, several officials at the U.S. State Department, and other organizations not yet publicly named.

According to the slow-drip of information about the incident, Microsoft said China-backed hackers stole a sensitive signing key that allowed unauthorized access to enterprise and government email inboxes hosted by the technology giant. That stolen key, coupled with a flaw that Microsoft has since patched, allowed the forging of authentication tokens that the hackers used to access the target’s email accounts as if they were the rightful owners.

The intrusions began in mid-May but were not detected until a month later, when State Department officials detected the breach and notified Microsoft. It was only because the State Department used a higher-paid tier account that allowed access to logs that Microsoft keeps, which first revealed the hacks. Other departments with a lower paid tier were not given access to logs that may have spotted the intrusions sooner.

Following criticism, Microsoft capitulated soon after, saying it would make logs available for customers at no additional cost from September.

Ron Wyden, a Democratic lawmaker on the Senate Intelligence Committee, blasted Microsoft in a scathing letter to government agencies requesting an investigation into whether “lax cybersecurity practices” enabled Chinese hackers to spy on high-ranking federal government officials.

Wyden also called on the CSRB to investigate the incident.

In carrying out a post-mortem of the hack, Homeland Security secretary Alejandro Mayorkas said in remarks it was “imperative” to understand the vulnerabilities in cloud technologies that are relied on by U.S. organizations.

“Actionable recommendations from the CSRB will help all organizations better secure their data and further cyber resilience,” said Mayorkas.

This is the CSRB’s third investigation since it was founded by executive order in 2021 by President Biden. The board, which includes representatives from government and cybersecurity experts in the private sector, serves to review major cybersecurity events and identify recommendations to prevent future incidents.

The CSRB’s first investigation looked at the fallout from the Log4j vulnerability in 2020, and its second — published this week — examined recent attacks by the Lapsus$ hacking group,

Microsoft lost its keys, and the government got hacked

https://techcrunch.com/2023/08/11/cyber-security-review-board-microsoft-hack-government-emails/

Follow Us

Featured Posts

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 1007: All the Hotdogs in the World – China's 'Salt Typhoon' Hack, Google on the Chopping Block, Recall AI This Week in Tech (Audio)

In this episode of This Week in Tech, the panel tackles the "biggest hack in US history," the future of AI, and the role of government in tech. From the Chinese hack's implications to Microsoft's AI-powered Recall, the Supreme Court's tech-related cases, and the push for social media age verification, Leo Laporte, Patrick Beja, Wesley Faulkner, and Alex Wilhelm provide insightful analysis and lively discussion on the most pressing issues facing the industry today. China's "Salt Typhoon" hack, dubbed the "worst hack in our nation's history," which compromised US telecommunications infrastructure and allowed surveillance of high-profile individuals The panel debates the challenges of securing outdated infrastructure and the role of government in regulating tech companies DOJ's push for Google to sell off Chrome to break its search monopoly, and the potential implications for competition and innovation Alex Wilhelm's article "If you like startups, you should love anti-trust" and the importance of fostering competition in the tech industry Microsoft's Windows 365 Link, a $349 mini PC that streams Windows from the cloud, and the potential for thin client computing Microsoft's Recall AI feature, which records and indexes users' screen activity, raising security concerns but offering potential benefits for users The Supreme Court's involvement in cases related to Facebook's Cambridge Analytica data breach and the fate of America's low-income broadband fund The panel also discusses their personal experiences with parenting in the digital age and the challenges of balancing screen time, privacy, and education for children Meta's push for Apple and Google to verify users' ages on social media platforms, and the challenges of implementing effective age verification while protecting user privacy Amazon's talks with Instacart, Uber, Ticketmaster, and others to enhance its AI-powered Alexa assistant Spirit Airlines filing for bankruptcy amidst financial losses and mounting debt payments Alex laments the addition of ads to Amazon Prime Video and the panel debates the tradeoffs of bundled subscription services Host: Leo Laporte Guests: Patrick Beja, Wesley Faulkner, and Alex Wilhelm Download or subscribe to This Week in Tech at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Melissa.com/twit shopify.com/twit veeam.com lookout.com bitwarden.com/twit
  1. TWiT 1007: All the Hotdogs in the World – China's 'Salt Typhoon' Hack, Google on the Chopping Block, Recall AI
  2. TWiT 1006: Underwater Alien Civilizations – Bluesky Growth, Tyson Vs. Paul, AI Granny
  3. TWiT 1005: $125,000 in Baguettes – iPod Turns 23, The $1.1M AI Painting, Roblox
  4. TWiT 1004: Embrace Uncertainty – Political Texts, Daylight Saving Time, Digital Ad Market
  5. TWiT 1003: CrabStrike – Delta Sues Crowdstrike, Hospital AI, Surge Pricing