TLDR:
Key Points:
- A report criticizes Microsoft’s response to a Chinese hack on its Exchange Online platform, highlighting security failings.
- NIST admits to a vulnerability backlog and seeks additional resources to address it.
- Google tests a new Chrome feature called Device Bound Session Credentials to prevent session hijacking.
In a recent report, the Cyber Safety Review Board criticized Microsoft’s response to a breach of its Exchange Online platform by Chinese threat actors, highlighting significant security failings. The report concluded that the attack should never have occurred and called for an overhaul of Microsoft’s security culture. Additionally, NIST has acknowledged delays in updating the National Vulnerability Database and has requested additional resources to address the backlog effectively.
Google has begun testing a new Chrome feature called Device Bound Session Credentials, which aims to prevent session hijacking by cryptographically binding authentication sessions to a device. This feature is designed to thwart threat actors who use malware to steal cookies and bypass MFA. Google plans to expand trials of this feature and potentially make it an open standard in the future.
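To make the binding idea concrete, the following is an added example, not code from Google or Chrome, and a simplified model rather than the actual Device Bound Session Credentials protocol. The class and function names and the challenge-response flow are assumptions for illustration. It shows why a copied cookie alone is not enough when the server also requires proof of a private key that stays on the original device.

```javascript
// Added illustration: a simplified model of device-bound sessions, not Chrome's DBSC protocol.
const crypto = require('node:crypto');

// Server side (hypothetical): maps a cookie value to the public key registered at login.
class SessionServer {
  constructor() { this.sessions = new Map(); }
  // At login the device hands over only its public key; the private key never leaves it.
  createSession(devicePublicKey) {
    const cookie = crypto.randomBytes(16).toString('hex');
    this.sessions.set(cookie, { publicKey: devicePublicKey, challenge: null });
    return cookie;
  }
  // Issue a fresh single-use challenge for the session.
  issueChallenge(cookie) {
    const s = this.sessions.get(cookie);
    if (!s) return null;
    s.challenge = crypto.randomBytes(32);
    return s.challenge;
  }
  // Accept the request only if the current challenge was signed by the bound key.
  verify(cookie, signature) {
    const s = this.sessions.get(cookie);
    if (!s || !s.challenge) return false;
    const challenge = s.challenge;
    s.challenge = null; // single use: an old signature cannot be presented again
    return crypto.verify('sha256', challenge, s.publicKey, signature);
  }
}

// Client side (hypothetical): a device with its own key pair, ideally held in hardware-backed storage.
function makeDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { publicKey, sign: (challenge) => crypto.sign('sha256', challenge, privateKey) };
}

// Returns [original device accepted, copied cookie on another device accepted, old signature accepted].
function demo() {
  const server = new SessionServer();
  const laptop = makeDevice();
  const other = makeDevice(); // a different machine holding only a copy of the cookie
  const cookie = server.createSession(laptop.publicKey);
  const sig = laptop.sign(server.issueChallenge(cookie));
  const legit = server.verify(cookie, sig);
  const copied = server.verify(cookie, other.sign(server.issueChallenge(cookie)));
  server.issueChallenge(cookie);
  const replayed = server.verify(cookie, sig); // old signature against a new challenge
  return [legit, copied, replayed];
}
```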
On a positive note, Microsoft has announced a quantum error correction breakthrough, bringing the industry closer to higher-accuracy quantum computing. Researchers have successfully combined 30 physical qubits into four reliable logical qubits, marking a significant advancement in qubit accuracy.