HomeWeb3CybersecurityMicrosoft neglects cybersecurity protocols, claims Tenable

Microsoft accused of negligence in cybersecurity, Tenable confirms Chinese espionage against the US government

In the wake of growing cyber attacks, Microsoft has been accused of cybersecurity negligence by the network security giant, Tenable.

Nidhi Bhardwaj
New Delhi,UPDATED: Aug 8, 2023 18:20 IST
Microsoft accused of negligence in cybersecurity, Tenable confirms Chinese espionage against the US government
Microsoft accused of negligence in cybersecurity, Tenable confirms Chinese espionage against the US government

Highlights

  • Tenable research team had previously investigated Azure's security concerns
  • The CEO of Tenable demands an explanation from Microsoft for the ‘lack of transparency’
  • The team of Tenable is unhappy with the Microsoft's response on the problem

Recently, Amit Yoran, the chairman and CEO of network security giant, Tenable, turned to the Microsoft-owned networking platform LinkedIn to express his complaints regarding the company's security procedures after Microsoft acknowledged that its Azure platform had been compromised by the Chinese hacking group, Storm-0558. 

Microsoft is missing a moral compass when it comes to cyber practices and putting their customers at risk …https://t.co/tR4GcGBU3r

Yoran demands an explanation from Microsoft for the ‘lack of transparency’ and a repeated pattern of negligent cybersecurity practices, which has enabled Chinese espionage against the United States government by citing a letter recently sent by US Senator, Ron Wyden, to the Federal Trade Commission (FTC), the Department of Justice (DoJ), and the Cybersecurity and Infrastructure Security Agency (CISA). 

Tenable accuses Microsoft of hacking 

According to Google Project Zero statistics, Yoran, who cited the letter and posted on the LinkedIn network, which is controlled by Microsoft, claimed that Microsoft products were responsible for an aggregate 42.5 percent of all zero-days discovered since 2014. 

Yoran further claims that while investigating the potential Azure security flaws, members of Tenable's research team unwittingly gained access to some highly private bank authentication information. 

Later on, Yoran's team informed Microsoft of the problem, and they were unhappy with the company's response. To substantiate the problem, Yoran mentioned, "Did Microsoft quickly address the problem that could have effectively resulted in the compromise of multiple customers' networks and services?" and the answer is no. To create a partial fix, which was only for newly loaded applications in the service, the tech giant took more than 90 days.

Yoran admits late response from Microsoft 

Microsoft's pledge to fix the problems by September 2023, according to Yoran, is grossly irresponsible, if not blatantly negligent, as it would imply that the bank details themselves would still be exposed even though Microsoft was made aware of the problem four months ago.