Researchers, cybersecurity agency urge action by Microsoft cloud database users


Economy | Aug 28, 2021 07:34PM ET

By Joseph Menn

(Reuters) – Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp’s Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.

As first reported by Reuters (https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26), researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.

Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers’ databases, then notified some users Thursday to change their keys.

In a blog post Friday, Microsoft said it warned customers who had set up Cosmos access during the weeklong research period. It found no evidence that any attackers had used the same flaw to get into customer data, it noted.

“Our investigation shows no unauthorized access other than the researcher activity,” Microsoft wrote. “Notifications have been sent to all customers that could be potentially affected due to researcher activity,” it said, perhaps referring to the chance that the technique had leaked from Wiz.

“Though no customer data was accessed, it is recommended you regenerate your primary read-write keys,” it said.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin Friday, making clear it was speaking not just to those notified.

“CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key,” the agency said (https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/microsoft-azure-cosmos-db-guidance).

Experts at Wiz, founded by four veterans of Azure’s in-house security team, agreed.

“In my estimation, it’s really hard for them, if not impossible, to completely rule out that someone used this before,” said one of the four, Wiz Chief Technology Officer Ami Luttwak. At Microsoft he developed tools for logging cloud security incidents.

Microsoft did not give a direct answer when asked if it had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured, or had used another way to rule out access abuse.

“We expanded our search beyond the researcher’s activities to look for all possible activity for current and similar events in the past,” said spokesman Ross Richendrfer, declining to address other questions.

Wiz said Microsoft had worked closely with it on the research but had declined to say how it could be sure earlier customers were safe.

“It’s terrifying. I really hope that no one besides us found this bug,” said one of the lead researchers on the project at Wiz, Sagi Tzadik.
