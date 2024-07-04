Microsoft’s Midnight Blizzard source code breach also impacted federal agencies

““As our investigation continues, we have been reaching out to customers to notify them if they had corresponded with a Microsoft corporate email account that was accessed,” Microsoft spokesperson Jeff Jones said to The Verge. “We will continue to coordinate, support, and assist our customers in taking mitigating measures.”
Microsoft had already announced it was overhauling its cybersecurity efforts last year before the Midnight Blizzard attack after a “cascade of security failures.” More recently, the software giant said it was making security its “top priority” as it attempts to rebuild the trust it’s already lost.”

https://www.theverge.com/2024/7/4/24192159/microsoft-midnight-blizzard-hack-targets
 
making security its "top priority" as it attempts to rebuild the trust it's already lost."
Then they annonce Recall with glaring security holes...

I swear with Microsoft none of the departments talk to each other and their security division has no authority over anything. They develop insecure products and then try to sell people on buying their security tools, to then secure the insecure products they sold them in the first place...
 
MrGuvernment said:
Then they annonce Recall with glaring security holes...

I swear with Microsoft none of the departments talk to each other and their security division has no authority over anything. They developer insecure products and then try to sell people on buying their security tools, to then secure the insecure products they sold them in the first place...
That's probably more or less accurate, although I think it's less they don't talk, and more that when they do, the security concerns probably get down-played by the marketing and design teams (or the guys over them).
 
Nobu said:
That's probably more or less accurate, although I think it's less they don't talk, and more that when they do, the security concerns probably get down-played by the marketing and design teams (or the guys over them).
Ya, which is often what happens in most companies, security is last on the list if at all, and then a breach / compromise happens and then they try to blame the security team.
 
