back to article Malwarebytes says its Office 365, Azure tenancies invaded by SolarWinds hackers, insists its tools are still safe to use

Security company Malwarebytes suspects a breach of its Office 365 and Azure tenancies is by the same attacker behind the SolarWinds hack, but reckons flaws in Azure Active Directory security are also to blame. Malwarebytes, whose products include widely used anti-malware tools for consumers and businesses, said that it does …

  1. mikus

    Always good to know when your AV vendor aka Malwarebytes uses another vendor security solution such as Crowdstrike to secure their own systems.

    So what would you say it is you do here?

    1. jake Silver badge

      One further ponders the issue of a supposed anti-malware outfit putting any eggs at all into leaky by nature cloud baskets.

  2. Anonymous Coward
    Anonymous Coward

    "He reported the issue to Microsoft but was told that it was documented behaviour and therefore not a vulnerability"

    Yes, yes, I have documented that anyone can gain access to AD as a Domain admin by doing this, as I have documented it, its not a vulnerability so don't need to fix it.

    Easy way to get around fixing bugs, document them, then they are features. But, documentation, hmmmm, doing real work, or documentation.......

    1. malfeasance

      Depends on the documentation

      There might be perfectly reasonable design decisions as to why Microsoft did that. Equally there might not be (Microsoft aren't going to tell us either way are they).

      If you have documented prominently that "anyone can gain access to AD as a domain admin by doing this. If you want to stop that then do this this, and this. This has the known side effect of causing this behaviour..."

      Isn't that documented well enough (if prominent enough) such that the customer can make a judgement call about it? Everything's a trade-off isn't it, and I presume that MalwareBytes made that trade-off...

    2. el kabong

      Allegating that a documented vulnerability is not a vulnerability, pretty clever trick

      Very powerful indeed!

      M$ employs some of the best minds in legal services, it causes me no surprise when people like that come up with such powerful statements.

      Brilliant!!!

  3. el kabong

    "Securing Azure AD is challenging"

    I'd say securing it is close to impossible. With so many serious technical vulnerabilities lurking in that platform and an effective method put in place by M$ legal team to shift M$' blame away from them and put it fully on your shoulders, there is little hope you can make it secure. That task is too huge, you won't have the resources.

  4. iBurbot

    Dont. Use. Windows.

  5. Version 1.0 Silver badge
    Alert

    Nice blue sky

    If you are a hacker than you see nice blue sky when you hack the clouds, if you are not a hacker then it's about to start raining. So if you are using the cloud, I'd recommend keeping a rain coat in the closet.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021