With an email sent yesterday August 26 to his customers, Microsoft has warned of a vulnerability which he left exposed i database of thousands of cloud users. These include some of the largest technology companies in the world, which use i Cosmos DB di Azure to manage their data. The vulnerability was noticed by Wiz, which Microsoft rewarded $ 40,000 for finding the flaw.
A Wiz research team discovered a vulnerability that would have allowed access to customer databases, leaving the possibility of read, modify and even delete customer data. “We solved this problem right away to keep our customers safe and secure. We thank the security researchers for sharing the vulnerability with us, ”Microsoft told Reuters.
According to the email sent to customers, Microsoft has “no indication that entities external to the researchers (Wiz) had access” to customer data. So there shouldn’t be any problems for those using Azure Cosmos DB. But that doesn’t erase the gravity of the fact, according to Wiz’s chief security officer (former Microsoft cloud security CTO). Ami Luttwak. “This is the worst kind of cloud vulnerability imaginable. It is a secret that will last. This is the Azure central database and we were able to access any customer database ”.
Wiz’s team identified the problem, called ChaosDB, on August 9, and reported it to Microsoft on the 12th. The flaw was in a visualization tool called Jupyter Notebook, available for years but enabled by default in Cosmos starting from February.
This security flaw is likely to turn into a reputational problem for Microsoft, which has had more than one problem cybersecurity in the last year. Especially since it touches the tool Azure, which many companies now prefer to on-premise private cloud. One of the main reasons for choosing cloud services from companies like Microsoft or Amazon is dedicated security. These kinds of problems could cost the trust of some large company. For this reason Microsoft is emphasizing the new investments in terms of safety.
If you want to learn more about the technical details of the attack, you can find the complete Wiz report here.
In this review we talk about the NiPoGi AK1PLUS, a miniPC that boasts excellent hardware…
Two wheels are back racing on all platforms: here is the launch trailer for MotoGP…
The iconic figure of Scooby-Doo is one of those that have become so beloved that…
The world of technology knows this well by now, a tech device cannot only be…
The concept of an intercom, even that of a video intercom, is certainly not a…
The weekend begins with a very intense challenge, between two teams that have performed well…