Tuesday, November 5, 2024

Google fires shots directly at Microsoft over its recent security failings

Must read

Google has released a new white paper that outlines everything that is “wrong” with Microsoft security, particularly highlighting its recent failings.

VIEW GALLERY – 2 IMAGES

The new white paper is titled “A more secure alternative,” and Google explains across 14 pages all of the problems with Microsoft’s approach to security while also recommending better alternatives, Gmail and Google Drive. The paper is mostly based on the recent discoveries by the US government’s Cyber Safety Review Board (CSRB), which stated last month that Microsoft’s approach to the June 2023 attack on its Exchange Online service was lackluster.

The CSRB reprimanded Microsoft for its lack of knowledge on when attackers were able to infiltrate its Exchange Online service that resulted in the hackers being able to sift through email inboxes. Additionally, the CSRB criticized the Windows owner for having a seven-year-old security key still be valid, which was used by the hackers to gain access to the Exchange email service.

Google also touched on a separate attack that occurred in November by Russian government-backed hacking group Midnight Blizzard, which resulted in the group gaining access to federal government emails.

The company described Microsoft as experiencing “ongoing security struggles“, which means it’s “unable to keep their systems and therefore their customers’ data safe.

Our Secure Future Initiative (SFI) brings together every part of Microsoft to advance cybersecurity protection across our platforms and products, benefiting customers around the world, including commercial and government enterprises, small businesses and individuals.

In addition to the SFI milestones we recently announced, Microsoft continues working closely with stakeholders across the cybersecurity community, including signing CISA’s Secure by Design pledge and sharing threat intelligence with the security community on sophisticated nation state and cybercrime actors,” said a Microsoft spokesperson to The Register

Latest article