News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By Kyle Brasseur2023-07-31T18:43:00
A Democratic lawmaker is calling on federal agencies to hold Microsoft accountable for “negligent cybersecurity practices” that played part in a Chinese hacking campaign that targeted U.S. government email addresses.
Sen. Ron Wyden (D-Ore.) wrote a letter to the heads of the Department of Justice, Federal Trade Commission, and Cybersecurity and Infrastructure Security Agency (CISA) on Thursday imploring the agencies to investigate the incident that came to light earlier this month. CISA and the Federal Bureau of Investigation on July 12 published a joint advisory regarding unexpected events observed in Microsoft 365 audit logs.
In a July 14 blog, Microsoft explained a China-based threat actor with espionage objectives “used forged authentication tokens to access user email from approximately 25 organizations, including government agencies and related consumer accounts in the public cloud.” The company said it identified the issue in June and has since disrupted the malicious activities.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
2023-10-31T17:52:00Z By Kyle Brasseur
SolarWinds will contest a lawsuit brought by the Securities and Exchange Commission against it and its chief information security officer alleging fraud and internal control failures related to the software company’s cyberattack reported in 2020.
2023-08-23T20:17:00Z By Adrianne Appel
Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.
2023-08-02T19:57:00Z By Adrianne Appel
The clock is ticking for public companies to put in place policies and practices to meet the requirements of the Securities and Exchange Commission’s newly approved cybersecurity incident disclosure rule.
2024-06-27T16:37:00Z By Aaron Nicodemus
The U.S. Department of Energy released supply chain cybersecurity principles meant to help strengthen key technologies used to manage and operate electricity, oil, and natural gas systems.
2024-05-21T19:27:00Z By Adrianne Appel
The Environmental Protection Agency is increasing its inspections of public drinking water systems after finding a majority of those reviewed were vulnerable to cyberattacks and related threats.
2024-05-07T21:21:00Z By Adrianne Appel
Verizon’s annual data breach report shows trends in cybersecurity incidents, including more ransomware and extortion attacks last year.
Site powered by Webvision Cloud