Yesterday, Ax Sharma with Ars Technica revealed security company Secureworks has identified a current vulnerability in Azure Active Directory Seamless Single Sign-On.
A Secureworks threat update published by Ars Technica indicates the Secureworks Counter-Threat Unit “…reported the flaw to Microsoft on June 19…” and “…Microsoft confirmed the behavior on July 21…”, but Microsoft concluded the functionality was part of the way Seamless Single Sign-On is designed.
Ars Technica quotes the Secureworks Counter-Threat Unit researchers as saying “This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory without generating sign-in events in the targeted organization’s tenant…” The researchers also explain the vulnerability affects “…any Azure AD or Microsoft 365 organization, including organizations that use Pass-through Authentication (PTA)…” Apparently, however, user accounts without a password for Azure AD are not at risk.
Last week, ThreatPost reported Zoho has patched a vulnerability in its ManageEngine ADSelfService Plus product, which ThreatPost describes as “a self-service password management and single sign-on (SSO) platform for AD and cloud apps”.
Many businesses are bad at security. The chances of something catastrophic happening to your data are greater if you keep it on-prem. Play the percentages.
Occasionally, I run into a business owner who’s afraid of the cloud. They don’t have nephophobia–they just like to keep their data on-site. Their argument often goes something like this:
“I like to know where it’s at.”
“The cloud has breaches all the time!”
“What if my data gets deleted?”
Or, my personal favorite:
“I don’t want the Chinese to hack into my system.”
There are various levels of validity to these concerns. They often come up during well-meaning security presentations oscillating somewhere between “prudent” and “FUD” (good old “fear, uncertainty, and doubt”!).
Often overlooked, however, is the fact that the risk of keeping your data on-prem is likely greater than your risk of it suffering a cloud-based disaster.
When it comes to security, maintaining your own IT infrastructure is a big risk factor. Security firm Imperva concluded “46% of On-Prem Databases Contain Vulnerabilities”. MyTechDecisions is reporting recent vulnerabilities in on-prem systems have highlighted the security advantages of the cloud. In both cases, a big part of the problem is insufficiently patched resources at individual companies. Many organizations are simply unable or unwilling to pay for the IT security expertise and labor required to keep everything fully patched. These vulnerabilities are an attractive target for bad actors.
In addition to the risks inherent to on-prem solutions, the cloud providers are incentivized to continuously improve their services. In a round-table discussion published by the Albany Business Review, Lauren Groff discusses how a cloud subscription model gives vendors a higher ROI for enhancements than the legacy model used for many on-prem products.
While human nature tempts us to “keep our data where we can see it”, the realities of the market and scarce resources tell a different story. Move your data to the cloud, so you can sleep better at night!
Share With —
CTO, CIO, CISO
Action Items —
• Review your current security posture with your in-house IT staff or your managed services provider.
• Pay close attention to where your hardware and software are at in their patching cycle.
• How many outstanding patches do you have?
• What are the potential consequences if the remaining vulnerabilities are exploited?
• What is the potential cost of continuing to do what you’ve always done?
Brian S. Pauls is the founder and vCTO of Cloudessy. He likes to keep the dice for his table-top role-playing games on-prem, and his data in the cloud.
Attacks using a known Microsoft 365 vulnerability increased significantly last week. If you need help locking down Microsoft 365 for your business, please email Cloudessy at firstname.lastname@example.org or call 913-491-4040.
Yesterday, security blogger Zohar Shachar published details about an SMTP injection exploit he uncovered in GSuite’s mail configuration. Reporting the problem to Google garnered him a $3K+ reward.