Modifications to the U.S. Department of Defense's cloud service provider security measures are being considered by the department's Chief Information Officer John Sherman following the recently reported exposure of emails with military data on Microsoft's Azure government cloud, DefenseScoop reports.
The findings of the ongoing investigation into the exposed server, which already had its public access closed off by the Defense Department on Feb. 20, will influence the changes that Sherman will introduce in CSP security measures, according to DoD spokesperson Cmdr. Jessica McNulty.
"We will notify any DoD personnel affected by the incident appropriately and following federal law and DoD policy. DoD takes this matter very seriously and will incorporate all lessons learned from this event to strengthen its cybersecurity posture," McNulty said.
Further updates on the types of CSP security changes Sherman set to be proposed by Sherman will be issued at a later date, added McNulty.
Sixty thousand emails from U.S. State Department accounts were noted by a staffer working for Sen. Eric Schmitt, R-Mo., to have been exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.
BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news