Microsoft President Takes Full Accountability, YouTube Ad Injections, Sleepy Pickle Cyber Attack - The Daily Decrypt


In today's episode, we discuss Microsoft's commitment to take full responsibility for security failures, as detailed in Brad Smith's House testimony (https://www.cybersecuritydive.com/news/microsoft--security-failures-house-testimony/718853/), YouTube's testing of harder-to-block server-side ad injections affecting ad blockers like SponsorBlock, along with the potential solutions (https://www.bleepingcomputer.com/news/google/youtube-tests-harder-to-block-server-side-ad-injection-in-videos/), and the new "Sleepy Pickle" attack technique that targets machine learning models, posing severe supply chain risks (https://thehackernews.com/2024/06/new-attack-technique-sleepy-pickle.html). Tune in for a detailed analysis of these pressing cybersecurity issues and their broader implications.



Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/



Logo Design by https://www.zackgraber.com/



Tags: Microsoft, President, Security, Cybersecurity, Brad Smith, House testimony, Security failures, State-linked cyberattacks, U.S. federal agencies, Cyber attack, Machine learning, Sleepy Pickle, Pickle format, Supply chain risk



Search Phrases: Microsoft security failures, Brad Smith House testimony, U.S. federal agencies cyber attack, State-linked cyberattack Microsoft, Measures to improve Microsoft cybersecurity, Sleepy Pickle machine learning, Protecting machine learning models, Cybersecurity in Pickle format, Supply chain risks in cybersecurity, Advanced server-side ad injection YouTube



Microsoft will take full ownership for security failures in House testimony



https://www.cybersecuritydive.com/news/microsoft--security-failures-house-testimony/718853/

Microsoft's Accountability: Brad Smith, Microsoft’s vice chair and president, commits to taking full responsibility for recent security failures in his written testimony to the U.S. House Committee on Homeland Security. This is a critical move for transparency and accountability in the cybersecurity sector.




State-Linked Cyberattacks: The testimony follows two significant state-linked cyberattacks on Microsoft. Hackers from the People's Republic of China targeted Microsoft Exchange Online, compromising 22 organizations and 500 individuals, including high-profile figures like U.S. Commerce Secretary Gina Raimondo. Another attack from the Russia-linked Midnight Blizzard group compromised senior executives' credentials, impacting federal agency security.



Preventable Breaches: A report by the U.S. Cyber Safety Review Board criticized Microsoft for prioritizing speed to market and new features over security, labeling the attacks as preventable. This highlights how important it is for cybersecurity professionals to balance innovation with robust security measures.



Security Recommendations: The Cyber Safety Review Board issued 25 recommendations to improve security, 16 specifically for Microsoft. These recommendations are essential for Microsoft and the broader cloud security industry to address vulnerabilities and prevent future breaches.



Phishing Attack Surge: Nation-state cyber activity has intensified, with Microsoft experiencing 47 million phishing attacks against its employees and 345 million daily attacks against its customers. This underscores the importance of phishing awareness and training for all cybersecurity professionals.



Enhanced Security Measures: To bolster internal security, Microsoft plans to link senior executive compensation to meeting security goals, demonstrating a commitment to accountability. Additionally, the company has invited the Cybersecurity and Infrastructure Security Agency (CISA) to its headquarters for a detailed briefing on its security strategy.



Industry Implications: Critics argue that Microsoft's dominant position in federal systems should be re-evaluated given its security lapses. This raises questions about the broader implications for vendor accountability and the need for stringent se
