Share this article
Latest news
With KB5043178 to Release Preview Channel, Microsoft advises Windows 11 users to plug in when the battery is low
Copilot in Outlook will generate personalized themes for you to customize the app
Microsoft will raise the price of its 365 Suite to include AI capabilities
Death Stranding Director’s Cut is now Xbox X|S at a huge discount
Outlook will let users create custom account icons so they can tell their accounts apart easier
CISA issued the ED 24-04 after a Microsoft breach to help federal agencies
Microsoft’s security system falls short of customer expectations
2 min. read
Updated onApril 15, 2024
updated onApril 15, 2024
Share this article
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
The Cybersecurity and Infrastructure Security Agency (CISA) issued theEmergency Directive(ED 24-04). CISA took this action to ensure that federal agencies remediate their compromised data. If you didn’t know, the Russian state-sponsored cyber actorMidnight Blizzardtargeted Microsoft corporate accounts. Also, they have accessed correspondence with the Federal Civilian Executive Branch (FCEB).
Microsoft revealed that the attackers managed to access its source code repositories. However, the company says there is no evidence that the hackers breached customer services. Yet, CyberScoop reported the appearance of ED 24-04 two days ago.
What does the Emergency Directive(ED 24-04) do?
The ED 24-04 urges federal agencies to investigate the security breaches. In addition, they should change login credentials, API keys, and identification tokens. On top of that, potentially affected agencies should take additional steps to ensure the security of their Microsoft Azure accounts. Also, CISA will help federal agencies comply with it and complete the requirements by April 30, 2024.
Consider the ED 24-04 a warning and check your Microsoft accounts. In addition, if you have any suspicions, contact your Microsoft account team for additional questions. You can also contribute to CISA research by submitting malware samples and infected files. After all, the security agency has a new malware analysis system known asMalware Next-Gen.
Unfortunately, we don’t know the number of federal agencies affected by the hackers. Yet, CISA claims they all received email notifications after the ED 24-04.
The US Cyber Safety Review Board (CSRB) considers that Microsoft could have prevented the attack. Thus, the board thinks that Microsoft lacks a proper security culture. However, the CSRBreportshowcases various failures made by the tech giant before, during, and after the attack.
Ultimately, Microsoft is falling short of customer expectations. Additionally, threat actors keep finding ways to breach the company. For example, a recent breach allowed threat actors to access a poorly defendedAzure server. On top of that, Chinese hackers managed tosteal 60,000 emailsfrom the US State Department. Thus, the ED 24-04 is a great preventive call for all companies using Microsoft services.
What do you think? Should the US Government seek solutions from other companies? Let us know in the comments.
More about the topics:Cybersecurity,microsoft,Microsoft Azure
Sebastian Filipoiu
Sebastian is a content writer with a desire to learn everything new about AI and gaming. So, he spends his time writing prompts on various LLMs to understand them better. Additionally, Sebastian has experience fixing performance-related problems in video games and knows his way around Windows. Also, he is interested in anything related to quantum technology and becomes a research freak when he wants to learn more.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Sebastian Filipoiu
Sebastian is a content writer with a desire to learn everything new about AI and gaming.
