TechCrunch

Microsoft lost its keys, and the government got hacked

Microsoft still doesn’t know — or want to share — how China-backed hackers stole a key that allowed them to stealthily break into dozens of email inboxes, including those belonging to several federal ...
CSOonline

How Microsoft’s Shared Key authorization can be abused and how to fix it

When many of us moved our server and application needs to the cloud, we rejoiced that we no longer had to worry about the drudgery of patching. We didn’t have to monitor servers and their Patch ...
Bleeping Computer

Hackers stole Microsoft signing key from Windows crash dump

Microsoft says Storm-0558 Chinese hackers stole a signing key used to breach government email accounts from a Windows crash dump after compromising a Microsoft engineer's corporate account. The ...
Dark Reading

Microsoft 365 Breach Risk Widens to Millions of Azure AD Apps

The Storm-0558 breach that gave Chinese advanced persistent threat (APT) actors access to emails within at least 25 US government agencies could be much further-reaching and impactful than anyone ...
ZDNet

Microsoft Secure Boot key debacle causes security panic

Microsoft has accidentally leaked the keys to the kingdom, permitting attackers to unlock devices protected by Secure Boot -- and it may not be possible to fully resolve the leak. The design flaw in ...