Tux Machines
Posted by Roy Schestowitz on Jul 15, 2023
=> ↺ Microsoft comes under pressure as more details of breach emerge
Microsoft is coming under increasing pressure from both the security community and the US government after it was disclosed that the company's cloud platform was breached and emails stolen from a number of government agencies, allegedly by Chinese attackers.
Adding to the pressure on the Redmond software giant is the fact that the breach itself was discovered by employees of the US State Department who then informed Microsoft about it.
=> ↺ Microsoft cloud breached, but US Government had to tell it so
The email account of US Commerce Secretary Gina Raimondo was among a slew of accounts breached at both the State and Commerce Departments by attackers, claimed to be from China, who gained access through a vulnerability in Microsoft's Azure cloud platform.
=> ↺ Chinese [crackers] breach email of Commerce Secretary Raimondo and State Department officials
The Microsoft vulnerability was discovered last month by the State Department. Also targeted were the email accounts of a congressional staffer, a U.S. human rights advocate and U.S. think tanks, officials and security professionals said. State and Commerce were the only two executive branch agencies known to be breached, officials said.
=> ↺ Microsoft blithely signing malicious drivers with legitimate certificates
In a statement, the security firm said drivers signed by WHCP would be fully trusted by any Windows system. This meant "attackers can install them without raising any alarms and proceed to carry out malicious activity virtually unimpeded",
This phenomenon does not appear to be new; in 2021, as British security guru Kevin Beaumont pointed out on Mastodon, Microsoft did exactly the same thing.
=> ↺ Hillsborough notifies 70,000 of potential data breach in health, aging services
A county news release said MOVEit notified the county of a breach June 1 and staff began installing security measures. On June 18, the county’s cyber security staff learned files belonging to the Health Care Services and Aging Services departments had potentially been at risk. The files contained protected health and personal information, including names, Social Security numbers, dates of birth, home addresses, medical conditions, diagnoses and disabilities.
=> ↺ Chinese [cracking] operation puts Microsoft in the crosshairs over security failures
As the Biden administration pushes a so-called “secure by default” approach to cybersecurity as a part of the White House National Cybersecurity Strategy, the fact that Microsoft up-charges customers for security features — even to discover its own flaws — has some officials questioning the reliance on huge tech firms that play a central role in Washington’s broader computer security initiatives.
“Offering insecure products and then charging people premium features necessary to not get [breached] is like selling a car and then charging extra for seatbelts and airbags,” Sen. Ron Wyden, D-Ore., said in a statement.
=> ↺ F.T.C. Opens Investigation Into ChatGPT Maker Over Technology’s Potential Harms
In a 20-page letter sent to the San Francisco company this week, the agency said it was also looking into OpenAI’s security practices. The F.T.C. asked OpenAI dozens of questions in its letter, including how the start-up trains its A.I. models and treats personal data, and said the company should provide the agency with documents and details.
The F.T.C. is examining whether OpenAI “engaged in unfair or deceptive privacy or data security practices or engaged in unfair or deceptive practices relating to risks of harm to consumers,” the letter said.
=> ↺ ChatGPT co faces FTC probe over tech harms
The FTC's investigation poses the first major regulatory threat to OpenAI. Sam Altman, the startup's co-founder, testified in Congress in May and said he invited AI legislation to oversee the fast-growing industry, which is under scrutiny because of how the technology can potentially kill jobs and spread disinformation. OpenAI did not respond to a request for comment.