Saturday, August 28, 2021 8:07:08 PM
By: Joseph Menn | August 28, 2021
(Reuters) - Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp (NASDAQ:MSFT)'s Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.
As first reported by Reuters (https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26), researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.
Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers' databases, then notified some users Thursday to change their keys.
In a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period. It found no evidence that any attackers had used the same flaw to get into customer data, it noted.
"Our investigation shows no unauthorized access other than the researcher activity," Microsoft wrote. "Notifications have been sent to all customers that could be potentially affected due to researcher activity," it said, perhaps referring to the chance that the technique had leaked from Wiz.
"Though no customer data was accessed, it is recommended you regenerate your primary read-write keys," it said.
The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin Friday, making clear it was speaking not just to those notified.
"CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key," the agency said (https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/microsoft-azure-cosmos-db-guidance).
Experts at Wiz, founded by four veterans of Azure's in-house security team, agreed.
"In my estimation, it's really hard for them, if not impossible, to completely rule out that someone used this before," said one of the four, Wiz Chief Technology Officer Ami Luttwak. At Microsoft he developed tools for logging cloud security incidents.
Microsoft did not give a direct answer when asked if it had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured, or had used another way to rule out access abuse.
"We expanded our search beyond the researcher's activities to look for all possible activity for current and similar events in the past," said spokesman Ross Richendrfer, declining to address other questions.
Wiz said Microsoft had worked closely with it on the research but had declined to say how it could be sure earlier customers were safe.
"It's terrifying. I really hope that no one besides us found this bug," said one of the lead researchers on the project at Wiz, Sagi Tzadik.
DiscoverGold
Information posted to this board is not meant to suggest any specific action, but to point out the technical signs that can help our readers make their own specific decisions. Caveat emptor!