Techno Blender
Digitally Yours.

Why Microsoft has decided to offer some security products for free

0 48


Microsoft recently discovered a “China-based threat actor” named Storm-0558 and revealed that the espionage group stole a key which allowed it to break into email inboxes of several US government agencies. The company was criticised for the hack and following the criticism, the tech giant has now announced it will offer a few security logs at no additional cost.

“Today we are expanding Microsoft’s cloud logging accessibility and flexibility even further. Over the coming months, we will include access to wider cloud security logs for our worldwide customers at no additional cost,” the company announced after it was criticised for its mistakes.

Microsoft said the move is a response to the increasing frequency and evolution of nation-state cyber threats and its additional steps will protect its customers and “increase the secure-by-default baseline.”

“These steps are the result of close coordination with commercial and government customers, and with the Cybersecurity and Infrastructure Security Agency (CISA) about the types of security log data Microsoft provides to cloud customers for insight and analysis,” the company noted.

Why this incident matters to Microsoft
This incident was a concern for Microsoft as it came under fire for the incident, which has been deemed as the biggest breach of unclassified US government data since the Russian espionage campaign in 2020 that hacked SolarWinds.

It was reported that Microsoft did not offer every government department the same level of security logging that was available to departments with higher-paid tier accounts.

At that time, Microsoft said in a blog post that “accountability starts with us” and that it was “continually self-evaluating, learning from incidents” and strengthening its defences.

The company clarified that the hacking took place not by hijacking computers or stealing passwords but by taking advantage of an undisclosed security issue with the company’s online email service. It acknowledged that the hack was due to a coding flaw, which was spotted by one of the victims who was reviewing their digital logs.

How hackers used Microsoft’s Key
Microsoft said the hackers acquired one of its consumer signing keys or MSA key, which helps the company secure consumer email accounts, like Outlook.com. The hackers were using the MSA key to forge tokens, allowing their entry into enterprise inboxes.

FacebookTwitterLinkedin



end of article


Why Microsoft has decided to offer some security products for free

Microsoft recently discovered a “China-based threat actor” named Storm-0558 and revealed that the espionage group stole a key which allowed it to break into email inboxes of several US government agencies. The company was criticised for the hack and following the criticism, the tech giant has now announced it will offer a few security logs at no additional cost.

“Today we are expanding Microsoft’s cloud logging accessibility and flexibility even further. Over the coming months, we will include access to wider cloud security logs for our worldwide customers at no additional cost,” the company announced after it was criticised for its mistakes.

Microsoft said the move is a response to the increasing frequency and evolution of nation-state cyber threats and its additional steps will protect its customers and “increase the secure-by-default baseline.”

“These steps are the result of close coordination with commercial and government customers, and with the Cybersecurity and Infrastructure Security Agency (CISA) about the types of security log data Microsoft provides to cloud customers for insight and analysis,” the company noted.

Why this incident matters to Microsoft
This incident was a concern for Microsoft as it came under fire for the incident, which has been deemed as the biggest breach of unclassified US government data since the Russian espionage campaign in 2020 that hacked SolarWinds.

It was reported that Microsoft did not offer every government department the same level of security logging that was available to departments with higher-paid tier accounts.

At that time, Microsoft said in a blog post that “accountability starts with us” and that it was “continually self-evaluating, learning from incidents” and strengthening its defences.

The company clarified that the hacking took place not by hijacking computers or stealing passwords but by taking advantage of an undisclosed security issue with the company’s online email service. It acknowledged that the hack was due to a coding flaw, which was spotted by one of the victims who was reviewing their digital logs.

How hackers used Microsoft’s Key
Microsoft said the hackers acquired one of its consumer signing keys or MSA key, which helps the company secure consumer email accounts, like Outlook.com. The hackers were using the MSA key to forge tokens, allowing their entry into enterprise inboxes.

FacebookTwitterLinkedin



end of article

FOLLOW US ON GOOGLE NEWS

Read original article here

Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Leave a comment