Riding Out the Storm-0558: With Good Practices, It’s Not a Washout!
The blog post on Wiz.io (https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr) provides an in-depth analysis of a security violation involving Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA). This violation was linked to a Chinese threat actor, Storm-0558, who managed to secure a private encryption key (MSA key) and used it to generate fake access tokens for Outlook Web … Read more