Kevin Beaumont

There’s a pretty good look at unanswered questions in the MSRC blog on the Microsoft 365 customer data breach in this: arstechnica.com/security/2023/

Unsurprisingly MS aren’t using words like ‘breach’, ‘vulnerability’ etc when clearly it was both. It’s almost like there’s misaligned incentives.

Other obvious issues include a compromise in 2021 where the threat actor took process dumps etc but nobody checked what they were doing (you live and learn etc), no HSMs etc. Assume MS are compromised.

Ars Technica · Microsoft finally explains cause of Azure breach: An engineer’s account was hacked
Other failures along the way included a signing key improperly appearing in a crash dump.