Microsoft’s announcement that it plans to offer a Secure Access Service Edge solution (SASE), caused some waves in the market for those who have been seen as leading the SASE space.
Thus, it was likely unexpected when Microsoft had to report that malicious actors were able to forge Azure Active Directory tokens which resulted in a cybersecurity breach at more than two dozen companies. According to Microsoft, a Chinese-hacking group gained unauthorized access to customer email accounts, including those at the US State Department and the Commerce Department.
Investigators are still looking into how the hack occurred, but the event has left both Microsoft and the Biden administration in a state of increased frustration. When these events occur, people want answers, but oftentimes the initial stages of an investigation can prompt more questions than answers.
The news also came at a time when the Biden administration was attempting to build trust for the national cybersecurity strategy by publishing the 69 initiatives included in the strategy’s implementation plan. One consistent message put out by CISA Director, Jen Easterly, and echoed by Acting National Cyber Director, Kemba Walden, is that, “Meaningful change requires technology manufacturers and vendors to revamp design and development programs, and place a much greater priority on security.”
For more on how to revamp design and development programs with a greater priority on security, visit our Library of content where you can find a variety of topics to assist with your specific needs.
Now let’s look at what else made industry headlines this week.
Jul. 14: Attackers leveraged a zero day vulnerability to attack Lemmy, an open source software platform best known for being an alternative to Reddit.
Jul. 14: Infosecurity Magazine reported, “A generative AI tool, WormGPT, has emerged as a powerful weapon in the hands of cyber-criminals, specifically for launching business email compromise (BEC) attacks.”
Jul. 13: According to CIO News, Tenable conducted comprehensive research of, “the external attack surface of 25 of India’s organizations with the largest market caps [which] revealed that the average organization possesses over 12,000 internet-facing assets which are susceptible to potential exploitation, resulting in a total of more than 300,000 assets across the study group.”
Jul. 12: Reuters reported, “A U.S. appeals court on Wednesday temporarily blocked a Biden administration plan to improve cybersecurity for public water systems, after Republican-led states complained it would thrust burdensome costs on small and rural water suppliers.”
Jul. 12: Honeywell International Inc. is acquiring SCADAfence, to leverage the cybersecurity solutions the company provides for operational technology (OT) and Internet of Things (IoT) that enable monitoring large-scale networks.
Jul. 11: Dark Reading reported, “Personal details of Bangladeshi citizens found online by researcher included full names, phone numbers, email addresses, and national ID numbers.”