Facebook Twitter Instagram
    Trending
    • Health Implications Of Skin Bleaching
    • Google To Shut Down Hangouts, Urges Users To Switch To Chat
    • People Indulge In Skin Bleaching Due To Inferiority Complex- Skin Experts
    • Breaking: Court Throws Out Fresh Bail Application For Nnamdi Kanu
    • MTN’s MoMo PSB Loses $53m In Security Breach, Heads To Court For Refund From Involved Banks
    • Full List: Tems Makes History, Others Win Big At BET Awards 2022
    • Nigerians To Pay More For Non-Alcoholic Beverages As FG Enforces N10 Per Litre Sugar Tax
    • Banks Record N1.21tn Non-Performing Loans
    Facebook Twitter Instagram YouTube
    Sync News NigSync News Nig
    • NEWS
      • Business & Economy
      • Politics
      • Banking & Finance
      • Tech & Innovation
      • Health
      • World
    • BRAND NEWS
    • SPORT
      • Football
      • Boxing
      • Basketball
    • ENTERTAINMENT
      • Celebrities
      • Music
      • Movies
    • FEATURED
    • TRAVELS & LIFESTYLE
      • Beauty &Health
      • Fashion
      • Food, Travel, Arts & Culture
      • Relationships & Weddings
    • SYNC TV
    Sync News NigSync News Nig
    Home»News»Microsoft Warns Cloud Customers Of Exposed Databases
    News

    Microsoft Warns Cloud Customers Of Exposed Databases

    Deborah AdegokeBy Deborah AdegokeAugust 27, 2021Updated:August 27, 2021No Comments3 Mins Read
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.

    The vulnerability is in Microsoft Azure’s flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft’s Cloud Security Group.

    Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz.

    “We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure,” Microsoft told Reuters.

    Microsoft’s email to customers said there was no evidence the flaw had been exploited. “We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key,” the email said.

    “This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Luttwak told Reuters. “This is the central database of Azure, and we were able to get access to any customer database that we wanted.”

    Luttwak’s team found the problem, dubbed ChaosDB, on Aug. 9 and notified Microsoft Aug. 12, Luttwak said.

    The flaw was in a visualization tool called Jupyter Notebook, which has been available for years but was enabled by default in Cosmos beginning in February. After Reuters reported on the flaw, Wiz detailed the issue in a blog post.

    Luttwak said even customers who have not been notified by Microsoft could have had their keys swiped by attackers, giving them access until those keys are changed. Microsoft only told customers whose keys were visible this month, when Wiz was working on the issue.

    Microsoft told Reuters that “customers who may have been impacted received a notification from us,” without elaborating.

    The disclosure comes after months of bad security news for Microsoft. The company was breached by the same suspected Russian government hackers that infiltrated SolarWinds, who stole Microsoft source code. Then a wide number of hackers broke into Exchange email servers while a patch was being developed.

    A recent fix for a printer flaw that allowed computer takeovers had to be redone repeatedly. Another Exchange flaw last week prompted an urgent U.S. government warning that customers need to install patches issued months ago because ransomware gangs are now exploiting it.

    Problems with Azure are especially troubling, because Microsoft and outside security experts have been pushing companies to abandon most of their own infrastructure and rely on the cloud for more security.

    But though cloud attacks are more rare, they can be more devastating when they occur. What’s more, some are never publicized.

    A federally contracted research lab tracks all known security flaws in software and rates them by severity. But there is no equivalent system for holes in cloud architecture, so many critical vulnerabilities remain undisclosed to users, Luttwak said.

    Source: Reuters

    Microsoft
    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Tumblr Email
    Deborah Adegoke

    Related Posts

    Health Implications Of Skin Bleaching

    June 28, 2022

    Google To Shut Down Hangouts, Urges Users To Switch To Chat

    June 28, 2022

    People Indulge In Skin Bleaching Due To Inferiority Complex- Skin Experts

    June 28, 2022

    Leave A Reply Cancel Reply

    Recent Posts
    • Health Implications Of Skin Bleaching
    • Google To Shut Down Hangouts, Urges Users To Switch To Chat
    • People Indulge In Skin Bleaching Due To Inferiority Complex- Skin Experts
    • Breaking: Court Throws Out Fresh Bail Application For Nnamdi Kanu
    • MTN’s MoMo PSB Loses $53m In Security Breach, Heads To Court For Refund From Involved Banks
    Recent Comments
    • Arsenal Beat Liverpool On Penalties To Lift Community Shield - on Chelsea Sign Former PSG Defender Thiago Silva On Initial One-Year Deal
    • Exceptional Keto Diet on Airtel Partners Standard Chartered Bank To Expand Fintech Business
    • Keto Genics BHB on Airtel Partners Standard Chartered Bank To Expand Fintech Business
    • Exceptional Keto Diet on Airtel Partners Standard Chartered Bank To Expand Fintech Business
    • www.ortovivaistica.it on President Buhari Extends Eased COVID-19 Lockdown By Four Weeks
    Archives
    • June 2022
    • May 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • March 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • December 2018
    Meta
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Facebook-f Twitter Instagram
    • Banking & Finance
    • Business & Economy
    • Health
    • Politics
    • World
    • Tech & Innovation

    Copyright ©, 2020-2021 syncnewsng.com. All Rights Reserved