- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Kyle Brasseur2023-07-31T18:43:00
A Democratic lawmaker is calling on federal agencies to hold Microsoft accountable for “negligent cybersecurity practices” that played part in a Chinese hacking campaign that targeted U.S. government email addresses.
Sen. Ron Wyden (D-Ore.) wrote a letter to the heads of the Department of Justice, Federal Trade Commission, and Cybersecurity and Infrastructure Security Agency (CISA) on Thursday imploring the agencies to investigate the incident that came to light earlier this month. CISA and the Federal Bureau of Investigation on July 12 published a joint advisory regarding unexpected events observed in Microsoft 365 audit logs.
In a July 14 blog, Microsoft explained a China-based threat actor with espionage objectives “used forged authentication tokens to access user email from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud.” The company said it identified the issue in June and has since disrupted the malicious activities.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec. Select an option and click continue.
Annual Membership $499 Value offer
Full price one year membership with auto-renewal.
Membership $599
One-year only, no auto-renewal.
SolarWinds will contest a lawsuit brought by the Securities and Exchange Commission against it and its chief information security officer alleging fraud and internal control failures related to the software company’s cyberattack reported in 2020.
Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.
The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s newly approved cybersecurity incident disclosure rule.
American Water Works Company, which supplies drinking water and wastewater to 14 million customers, disclosed a breach of its computer networks and system due to a cybersecurity incident.
The global average cost of a data breach jumped to an all-time high for the second year in a row, but companies can reel in the ballooning drag on profits by adopting artificial intelligence, according to an IBM report.
The U.S. Department of Energy released supply chain cybersecurity principles meant to help strengthen key technologies used to manage and operate electricity, oil, and natural gas systems.
