Yesterday, Ax Sharma with Ars Technica revealed security company Secureworks has identified a current vulnerability in Azure Active Directory Seamless Single Sign-On.
A Secureworks threat update published by Ars Technica indicates the Secureworks Counter-Threat Unit “…reported the flaw to Microsoft on June 19…” and “…Microsoft confirmed the behavior on Juy 21…”, but Microsoft concluded the functionality was part of the way Seamless Single Sign-On is designed.
Ars Technica quotes the Secureworks Counter-Threat Unit researchers as saying “This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory without generating sign-in events in the targeted organization’s tenant…” The researchers also explain the vulnerability affects “…any Azure AD or Microsoft 365 organization, including organizations that use Pass-through Authentication (PTA)…” Apparently, however, user accounts without a password for Azure AD are not at risk.
In an article posted to Bleeping Computer earlier this morning, Sergiu Gatlan details a Microsoft 365 login problem currently affecting on-prem users of MFA in conjunction with Network Policy Server or Active Directory Federation Services. Microsoft tweeted about the issue a little after 10:00am.
Sanaz Ahari, Google’s Senior Director of Product Management, has published a detailed blog article explaining Google’s strategy for streamlining the hybrid work model using Google Workspace.
At the top of the list are Spaces, “the central place for team collaboration in Workspace”. An apparent competitor to Slack and Microsoft Teams, Spaces bring together other Google products like Calendar, Docs, Meet, etc. in an environment optimized for multiple team-members to work in a distributed, asynchronous fashion.
Regarding Meet, Google is also partnering with hardware manufacturers, including Cisco, to make their meeting app easier to use and more pervasive in the market.
Read Ahari’s blog post for the full rundown on where Google is planning to take Workspace going forward!
Yesterday, DevClass reported that with Elastic’s recent release of Elastic 7.15, the “recently added Google Private Service Connect looks to keep data off the internet by offering private connectivity from Google Cloud virtual private cloud to Elastic Cloud deployments.”
The release also includes updated functionality in Observability and Security, as well as the general availability of Elastic APM correlations and Elastic App Search for Enterprise Search.
Last week, ThreatPost reported Zoho has patched a vulnerability in its ManageEngine ADSelfService Plus product, which ThreatPost describes as “a self-service password management and single sign-on (SSO) platform for AD and cloud apps”.
CNBC is reporting a change in the engineering leadership of Google’s cloud team. Thomas Kurian, the CEO of Google Cloud, wants to continue growing the company’s market share from its current 10%, up from 7% three years ago.
Executive Summary:Many businesses are bad at security. The chances of something catastrophic happening to your data are greater if you keep it on-prem. Play the percentages. Occasionally, I run into a business owner who’s afraid of the cloud. They don’t have nephophobia–they just like to keep their data on-site. Their argument often goes something like… Read More