Security News > 2024 > April > US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack
US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China.
The Board finds that this intrusion was preventable and should never have occurred.
The Board also concludes that Microsoft's security culture was inadequate and requires an overhaul, particularly in light of the company's centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.
How Microsoft's ubiquitous and critical products, which underpin essential services that support national security, the foundations of our economy, and public health and safety, require the company to demonstrate the highest standards of security, accountability, and transparency.
The board was established in early 2022, modeled in spirit after the National Transportation Safety Board.
News URL
Related news
- Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account (source)
- US sanctions crypto exchanges used by Russian darknet market, banks (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Germany warns of 17K vulnerable Microsoft Exchange servers exposed online (source)
- These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb (source)
- US House of Reps tells staff: No Microsoft Copilot for you! (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- US government excoriates Microsoft for 'avoidable errors' but keeps paying for its products (source)