Microsoft slammed for lax security that led to China's cyber-raid on Exchange Online

CISA calls for 'fundamental, security-focused reforms' to happen ASAP, delaying work on other software
A review of the June 2023 attack on Microsoft's Exchange Online hosted email service – which saw accounts used by senior US officials compromised by a China-linked group called 'Storm-0558' – has found that the incident would have been preventable save for Microsoft's lax infosec culture and sub-par cloud security precautions.…