Trending

Stories

Microsoft Caution Customers Against Databases Exposure

Tidio Live Chat Software - Add Tidio live chat software to your website in minutes. Contact visitors and turn them into happy customers. Enhance their experience and boost your sales. Get it for Free

WP Rocket - WordPress Caching Plugin

Must Read

Yusuf Balogun
Yusuf Balogun
Yusuf is an aspiring Journalist and Health law expert with a special focus on technology innovations. He is a writer at Right for Education, Libertist Centre for Education, Qwenu, and Editor at Gamji Press, UDUS.

According to a copy of the email and a cyber security researcher, Microsoft alerted thousands of its cloud computing customers, including some of the world’s largest organizations, that outsiders may read, edit, or even delete their main databases.

Microsoft Azure’s main Cosmos DB database is vulnerable. Wiz’s research team realized it was possible to gain access to keys that controlled access to databases owned by tens of thousands of companies. Ami Luttwak, Wiz’s Chief Technology Officer, was previously the CTO of Microsoft’s Cloud Security Group.

Also Read

Because Microsoft is unable to alter those keys on its own, consumers were emailed on Thursday and told to create new ones. According to an email from Microsoft to Wiz, the company promised to pay him $40,000 for discovering and disclosing the problem.

“To keep our consumers safe and secure, we swiftly addressed the problem. We appreciate the security experts’ efforts in coordinating vulnerability disclosure “Reuters reported on Microsoft’s statement.

Elegant Themes - The most popular WordPress theme in the world and the ultimate WordPress Page Builder. Get a 30-day money-back guarantee. Get it for Free

According to Microsoft’s notification to customers, there was no evidence that the weakness had been exploited. The email stated, “We have no indication that external entities other than the researcher (Wiz) had access to the primary read-write key.”

“This is the worst cloud flaw you can think of. It’s been kept a secret for a long time,” Luttwak told Reuters. “This is Azure’s core database, and we were able to connect to whatever client database we wanted.”

Luttwak’s team discovered the issue, codenamed ChaosDB, on August 9 and alerted Microsoft on August 12, according to Luttwak.

The weakness was found in Jupyter Notebook, a visualization tool available for years but only enabled by default in Cosmos in February. Wiz highlighted the problem in a blog post after Reuters reported on it. 

Even clients who have not been contacted by Microsoft may have had their keys swiped by attackers, giving them access until their keys are changed, according to Luttwak. When Wiz was working on the problem, Microsoft only informed customers whose keys were displayed this month.

“Customers who may have been impacted received a message from us,” Microsoft told Reuters without going further. 

Microsoft has been plagued by bad security news for months. The same alleged Russian government hackers who entered SolarWinds and stole Microsoft source code broke into the company. Then, while a patch was being created, a large number of hackers got into Exchange email servers.

A recently implemented repair for a printer fault that allowed for computer takeovers had to be redone several times. Last week, another Exchange problem triggered an urgent U.S. government warning that clients must apply patches given months ago because ransomware gangs are now exploiting the flaw.

Problems with Azure are particularly concerning because Microsoft and other security experts have been urging businesses to forgo much of their on-premises infrastructure in favor of the cloud.

Cloud attacks, on the other hand, are more unusual, but they can be more catastrophic when they do happen. Furthermore, some are never made public. 

iThemes WordPress Hosting

Stay updated

Subscribe to our newsletter and never miss an update on the latest tech, gaming, startup, how to guide, deals and more.

Latest

Stories

- Advertisement -
- Advertisement -

Latest

Grow Your Business

Place your brand in front of tech-savvy audience. Partner with us to build brand awareness, increase website traffic, generate qualified leads, and grow your business.

- Advertisement -

Grow Your Business

Get these business solutions, tools and services to help your business grow.
Elementor

Elementor -Join 5,000,000+ Professionals Who Build Better Sites With Elementor. Build your website with 100% visual design that loads faster and speeds up the process of building them.

WP Rocket

WP Rocket - Speed up your website with the most powerful caching plugin in the world. The website speed increase means better SEO ranking, user experience, and conversation. It’s a fact that Google loves a fast site.

Kinsta

Kinsta - If you are looking for WordPress managed hosting, Kinsta is in the leading front. Kinsta provides WordPress hosting for a small or large business that helps take care of all your needs regarding your website with cutting-edge technology.

OptinMonster

OptinMonster - Instantly boost leads and grow revenue with the #1 most powerful conversion optimization toolkit in the world. 700,000+ websites are using OptinMonster to turn their traffic into leads, subscribers, and sales.

Related

- Advertisement -
- Advertisement -
ChatGPT Reaches 100 Million Users in Two Months Microsoft’s Teams Get OpenAI-Based Features WhatsApp New Feature that Allows Users to Create Calling Shortcuts Instagram Working On Twitter-like Paid Verification Feature OnePlus Ace 2 Specs Exposed Online Realme GT Neo 5 Full Specs Revealed  Samsung Galaxy S23 Ultra: The New Android King Twitter To End Free API February 9 MLS Season Pass Now Available On Apple TV App Tesla To Increase Giga Shanghai EV Production to 20,000 Weekly 
OpenAI Releases Tool To Detect AI-generated Text Tesla Records Double Net Profit in 2022 India to Produce Upcoming iPhones: Trade Minister Japanese Professor Developed A Power Semiconductor made of Diamond Google Releases New Product for India’s Merchants Indian EV Startup Unveil Two AutoBalancing Electric Scooters OPPO Find X6 Pro Images Render via Weibo Sony Develops New Tech to Reduce Noise of Image Sensors