Tatyana Bolton (@TechnoTats)'s Twitter Profile
Tatyana Bolton

@TechnoTats

Cybersecurity @Google. former cyber policy @Solarium @CISA @RSI. Mom. Koala lover 🐨 Believe in 🦄 and 🌈 Opinions are my own

ID:1309640697650319360

Link: https://safety.google/
Date: 25-09-2020 23:48:08

3,8K Tweets

1,5K Followers

772 Following

David DiMolfetta (@ddimolfetta)

SCOOP --> HHS quietly removed Login from grantee payment platform after hackers stole millions from multiple grant recipient orgs last year. The thieves used SAM data to change banking info, impacting seven orgs. New details on incident w/ Natalie Alms ⬇️
nextgov.com/cybersecurity/…

J. A. Guerrero-Saade (@juanandres_gs)

Solid 🧵 and story by Eric Geller on the recent slew of woes with Microsoft's 'security culture'.

Sad to just keep getting handwavy corporate denials in the face of overwhelming catastrophic problems.

wired.com/story/the-us-g…

Eric Geller (@ericgeller)

'Individually, any one of the failings described above might be understandable,' the CSRB says. 'Taken together, they point to a failure of Microsoft’s organizational controls and governance, and of its corporate culture around security.'

Under Secretary Rob Silvers (@DHS_Policy)

Today, DHS released the Cyber Safety Review Board’s (CSRB) report summarizing the findings of its review into attacks associated with the 2023 Microsoft Exchange Online intrusion. Learn more here⬇️

cisa.gov/resources-tool…

Dmitri Alperovitch (@DAlperovitch)

Very proud of the work of the Cyber Safety Review Board (CSRB) on this important review of the 2023 Microsoft Exchange Online intrusion that affected a number of national security officials

And the threat actor responsible is the same one that did Operation Aurora in 2009!

J. A. Guerrero-Saade (@juanandres_gs)

Jesus, this story. Looking forward to reading this CSRB report.

Now what happens to an MSFT that doesn’t care beyond platitudes as long as business interests remain untouched?

wapo.st/4cJpKtW

Tatyana Bolton (@TechnoTats)

NEW 0 day in review from Google's TAG and Mandiant shows 97 observed zero-day vulnerabilities exploited in-the-wild in 2023, a 50%+ increase from 2022. More findings from the report: blog.google/technology/saf…

Tatyana Bolton (@TechnoTats)

👏👍 Cybersecurity and Infrastructure Security Agency FBI & Health-ISAC on releasing an advisory on SQLi vulnerabilities. We need to move to more secure software which doesn't allow hospitals to be hammered by hacks this way. At Google we addressed SQLi and haven't had an incident in ~decade. google.com/url?rct=j&sa=t…

Tatyana Bolton (@TechnoTats)

In their new guide, Aspen Digital’s US Group offers actions for execs interested in building resilient workforces. I’m proud to be part of the workforce and education coalition that drove this work forward. Read the guidance: aspendigital.org/report/bits-by…

Tatyana Bolton (@TechnoTats)

Axios' newsletter today: 'The total number of advertisements from access brokers — who sell passwords, session tokens and other ways to break into a company — jumped nearly 20% in 2023 from the year before, CrowdStrike's report found.'

Ppl: move to passkeys. 🗝️

Rep. Michelle Steel (@RepSteel)

CCP censorship of the truth of their genocide against Uyghurs should not be aided by American companies. I am troubled by reports that Microsoft may be doing just that and will support efforts to get to the bottom of this.
nypost.com/2024/02/08/new…

J. A. Guerrero-Saade (@juanandres_gs)

In an attempt to cut through the scarcity of candor these days, let’s state some things plainly. Let’s talk about Microsoft. With the upfront caveat that every security vendor has made mistakes and has skeletons in their respective closets that need addressing. None without sin.

Tatyana Bolton (@TechnoTats)

Secure by design is critical - and moving to memory safe languages and supporting their adoption across industry is key to elevating across the ecosystem. Love working with our security teams as they work to make this a reality across Google!

Select Committee on the Chinese Communist Party (@committeeonccp)

BREAKING: Microsoft Inked Deals With CCP Propaganda Outlets

“Microsoft helped Chinese state-run media outlets disseminate propaganda as part of previously unreported partnership agreements, documents obtained by the Washington Free Beacon show.” freebeacon.com/national-secur…
