This blog posting represents the views of the author, David Fosberry. Those opinions may change over time. They do not constitute an expert legal or financial opinion.
If you have comments on this blog posting, please email me .
The Opinion Blog is organised by threads, so each post is identified by a thread number ("Major" index) and a post number ("Minor" index). If you want to view the index of blogs, click here to download it as an Excel spreadsheet.
Click here to see the whole Opinion Blog.
To view, save, share or refer to a particular blog post, use the link in that post (below/right, where it says "Show only this post").
Posted on 19th March 2021
|Show only this post|
Show all posts in this thread.
The Hafnium hack of Microsoft Exchange Servers (described here by The Verge) has now affected at least 60,000 Microsoft customers around the world, including many US government agencies, and the European Banking Authority (as reported here by the BBC). The original attacks by the Chinese hacking group "Hafnium" has now been adopted by other hacking groups to target other Exchange customers.
The news article reports that Microsoft were made aware of the security vulnerability in early January, but the company didn't issue the first patches to close the security vulnerability until nearly two months later, after the attacks started. Microsoft also made a blog post which didn't explain the scope or scale of the attacks, in an apparent attempt to downplay the risks.
This lackadaisical attitude to their customers' security is par for the course for Microsoft, and shows that they really don't care about the security of their products.