Tux Machines

Latest attack on Microsoft much worse than initially disclosed

Posted by Rianne Schestowitz on Jan 29, 2024

Last November, Microsoft released a blog post claiming the company had put in place what it called a Secure Future Initiative which it described as a "new initiative to pursue our next generation of cybersecurity protection."

British security expert Kevin Beaumont said he had concluded that the reality of everything at Microsoft was too complex. "Lots of MS things ship in risky configurations, nobody (including Microsoft) can figure out how to scale securing it and everything is way too expensive, he said.

"Microsoft’s two biggest commercial security risks are ransomware groups, and /itself/.

"They've gone from saying attackers think in graphs to getting attackers to live on the Microsoft Graph, which has allowed them to monetise their cloud security failures."

Read on