• Tenable CEO says Microsoft failed to address a serious security f

    From TechnologyDaily@1337:1/100 to All on Thu Aug 3 11:30:03 2023
    Tenable CEO says Microsoft failed to address a serious security flaw

    Date:
    Thu, 03 Aug 2023 11:09:06 +0000

    Description:
    Tenable CEO slams Microsoft, saying its security practices are "grossly irresponsible" and blatantly negligent

    FULL STORY ======================================================================

    The CEO of cybersecurity company Tenable has taken to LinkedIn to heavily criticize Microsoft on its practices when it comes to patching high-severity flaws and other dangerous vulnerabilities.

    In a post published on (somewhat ironically) the Microsoft-owned platform, Amit Yoran said Microsoft has a history of non-transparent behavior with regard to breaches and vulnerabilities, all of which expose its customers to risks they are deliberately kept in the dark about.

    The CEO says that his company discovered a high severity flaw in the Azure platform in March 2023, which could allow threat actors to quickly discover authentication secrets. To emphasize the importance of the findings, Yoran said that the analysts discovered secrets to a bank, and soon after, they notified Microsoft of the issues.

    Many firms at risk

    The Redmond software giant acknowledged the findings within days, but took some three months to release a patch which, according to Yoran, was partial and did not address the issue fully. It only worked for new applications loaded in the service.

    "That means that as of today, the bank I referenced above is still vulnerable, more than 120 days since we reported the issue, as are all of the other organizations that had launched the service prior to the fix," he says. "And, to the best of our knowledge, they still have no idea they are at risk and therefore can't make an informed decision about compensating controls and other risk mitigating actions."

    According to Yoran, Microsoft promised a fix by the end of September, which is "grossly irresponsible, if not blatantly negligent," he added.

    His writeup sparked quite the debate on LinkedIn, with almost a hundred different comments and remarks. Many of the people who chimed in agree with Yoran's remarks, with one cynically saying "so you're basically saying that nothing has changed in 30 years?"

    Microsoft is yet to comment on these allegations.

    Microsoft claims that they will fix the issue by the end of September, four months after we notified them. That's grossly irresponsible, if not blatantly negligent. We know about the issue, Microsoft knows about the issue, and hopefully threat actors don't.

    Cloud providers have long espoused the shared responsibility model. That model is irretrievably broken if your cloud vendor doesn't notify you of issues as they arise and apply fixes openly.

    What you hear from Microsoft is "just trust us," but what you get back is very little transparency and a culture of toxic obfuscation. How can a CISO, board of directors or executive team believe that Microsoft will do the right thing given the fact patterns and current behaviors? Microsoft's track record puts us all at risk. And it's even worse than we thought.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/tenable-ceo-says-microsoft-failed-to-address-a-serious-security-flaw


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)