Cyber Safety Board Never Probed Causes of SolarWinds Breach
The Cyber Safety Review Board, formed post-SolarWinds breach, sidestepped investigating the incident, focusing on a separate attack. Critics question its effectiveness and independence, urging thorough SolarWinds scrutiny for systemic security improvements.
Read original article
The Cyber Safety Review Board, established in response to the SolarWinds breach, failed to investigate the root cause of the attack, missing an opportunity to prevent future incidents. Despite being directed to review the SolarWinds breach, the board did not conduct the investigation, focusing instead on a separate 2023 attack by Chinese state hackers. The board's decision not to probe SolarWinds raised concerns about its effectiveness and independence, as it operates within the Department of Homeland Security and lacks key investigative powers. While the board claimed to have fulfilled its mandate by addressing other cybersecurity issues, critics argue that examining SolarWinds was crucial to understanding and addressing systemic vulnerabilities. The Government Accountability Office's acceptance of alternative reports in place of a SolarWinds review has been met with skepticism from cybersecurity experts, who emphasize the importance of transparent and detailed investigations to improve cybersecurity practices. Despite the board's efforts to address cybersecurity challenges, questions remain about its ability to hold government agencies accountable and effectively prevent future cyberattacks.
Related
Microsoft a national security threat says ex-White House cyber policy director
A former White House cyber policy director raises national security concerns over Microsoft's control in US government IT. Calls for diversification and enhanced cybersecurity amid debates on tech companies' role in national security.
Windows: Insecure by Design
The article discusses ongoing security issues with Microsoft Windows, including recent vulnerabilities exploited by a Chinese hacking group, criticism of continuous patch releases, concerns about privacy invasion with Recall feature, and frustrations with Windows 11 practices. It advocates for considering more secure alternatives like Linux.
Microsoft Alerts More Customers to Email Theft in Expanding
Microsoft alerts more customers about email theft post-Midnight Blizzard hack by Russian government. Stolen emails accessed, shared with affected organizations for transparency. Ongoing attack used for planning further attacks. Assistance provided to mitigate risks.
Microsoft tells yet more customers their emails have been stolen
Microsoft notifies customers of email theft by Russian criminals, expanding breach scope. Compromised accounts' correspondents informed. US auto dealers face disruptions from cyber incident linked to CDK software. Rabbit R1 AI devices' security flaw disclosed. EU sanctions Russians for cyber attacks.
Microsoft Hack Also Impacted VA, State Department Agency
The US Department of Veterans Affairs and a State Department branch were hit by a cyberattack linked to Russian hackers targeting Microsoft. No sensitive data compromised. Concerns rise over cybersecurity.
1 commentsRelated
Microsoft a national security threat says ex-White House cyber policy director
A former White House cyber policy director raises national security concerns over Microsoft's control in US government IT. Calls for diversification and enhanced cybersecurity amid debates on tech companies' role in national security.
Windows: Insecure by Design
The article discusses ongoing security issues with Microsoft Windows, including recent vulnerabilities exploited by a Chinese hacking group, criticism of continuous patch releases, concerns about privacy invasion with Recall feature, and frustrations with Windows 11 practices. It advocates for considering more secure alternatives like Linux.
Microsoft Alerts More Customers to Email Theft in Expanding
Microsoft alerts more customers about email theft post-Midnight Blizzard hack by Russian government. Stolen emails accessed, shared with affected organizations for transparency. Ongoing attack used for planning further attacks. Assistance provided to mitigate risks.
Microsoft tells yet more customers their emails have been stolen
Microsoft notifies customers of email theft by Russian criminals, expanding breach scope. Compromised accounts' correspondents informed. US auto dealers face disruptions from cyber incident linked to CDK software. Rabbit R1 AI devices' security flaw disclosed. EU sanctions Russians for cyber attacks.
Microsoft Hack Also Impacted VA, State Department Agency
The US Department of Veterans Affairs and a State Department branch were hit by a cyberattack linked to Russian hackers targeting Microsoft. No sensitive data compromised. Concerns rise over cybersecurity.