TECH NEWS – Tenant’s chairman and CEO says security problems on Microsoft’s Azure platform could have allowed banking data to fall into unauthorized hands.

Microsoft confirmed back in mid-July that a Chinese hacker group, Storm-0558, had attacked the Azure platform. Now the CEO of Tenable, a network security giant, Yoran has expressed his displeasure on Microsoft’s other venue, LinkedIn, and says the Redmond company’s security practices need a thorough rethink.

The Verge reported that Yoran called Microsoft to account for its lack of transparency and sloppy cybersecurity actions, as the Chinese state party was able to spy on the US government, citing a letter written by US Senator Ron Wyden. Wyden sent this letter to the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Justice (DoJ) and the Federal Trade Commission (FTC).

Google’s Project Zero data only reinforces the situation, with Yoran pointing out that Microsoft products have accounted for 42.5% of zero-day vulnerabilities discovered since 2014. Tenable’s chief executive has spoken out against Microsoft, especially on Azure. His research team used to check for security flaws, but they didn’t get what they expected because they had access to sensitive bank credentials. The team immediately notified Microsoft, and Yoran is quite upset about how the Redmond team handles the matter.

“Did Microsoft quickly fix the issue that could effectively lead to the breach of multiple customers’ networks and services? Of course not. They took more than 90 days to implement a partial fix – and only for new applications loaded in the service,” Yoran wrote, and 120 days have passed since the notification, so the LinkedIn post didn’t immediately go online. Microsoft’s attitude is best expressed by stating when they plan to fix the bug: BY SEPTEMBER! For this reason, we have to agree with Yoran: a four-month wait is irresponsible and also negligent. Even if they fixed it since.

Source: PCGamer