9.6 C
Pretoria
Thursday, May 19, 2022
More
    ZAR - South African Rand
    EUR
    16.8071
    CAD
    12.5132
    NZD
    10.1311
    USD
    16.1761
    GBP
    19.7487
    AUD
    11.1955
    Pretoria
    scattered clouds
    9.6 ° C
    12 °
    7.4 °
    90 %
    1kmh
    44 %
    Thu
    20 °
    Fri
    22 °
    Sat
    12 °
    Sun
    18 °
    Mon
    12 °
    spot_img

    Sponsored

    Sponsored

    Latest Posts

    Microsoft warns thousands of cloud customers of exposed databases

    Microsoft has warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the e-mail and a cybersecurity researcher.

    The vulnerability is in Microsoft Azure’s flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz chief technology officer Ami Luttwak is a former CTO at Microsoft’s Cloud Security Group.

    Because Microsoft cannot change those keys by itself, it e-mailed the customers on Thursday telling them to create new ones. Microsoft agreed to pay Wiz US$40 000 for finding the flaw and reporting it, according to an e-mail it sent to Wiz.

    “We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure,” Microsoft said.
    Microsoft’s e-mail to customers said there was no evidence the flaw had been exploited. “We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key,” the e-mail said.
    ‘Worst vulnerability’

    “This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Luttwak said. “This is the central database of Azure, and we were able to get access to any customer database that we wanted.”

    Luttwak’s team found the problem, dubbed ChaosDB, on 9 August and notified Microsoft on 12 August, Luttwak said.
    The flaw was in a visualisation tool called Jupyter Notebook, which has been available for years but was enabled by default in Cosmos beginning in February. After Reuters reported on the flaw, Wiz detailed the issue  in a blog post.

    ALSO READ  Parallel Parenting vs Co-Parenting: How To Know Which Is Best For You?

    Luttwak said even customers who have not been notified by Microsoft could have had their keys swiped by attackers, giving them access until those keys are changed. Microsoft only told customers whose keys were visible this month, when Wiz was working on the issue.

    Microsoft said that “customers who may have been impacted received a notification from us”, without elaborating.  —

    spot_img
    Cape Town
    light rain
    14.5 ° C
    14.9 °
    14 °
    90 %
    4.1kmh
    75 %
    Thu
    16 °
    Fri
    16 °
    Sat
    16 °
    Sun
    17 °
    Mon
    15 °
    Durban
    clear sky
    19.9 ° C
    20 °
    16.5 °
    88 %
    2.5kmh
    1 %
    Thu
    25 °
    Fri
    22 °
    Sat
    18 °
    Sun
    20 °
    Mon
    16 °
    Johannesburg
    broken clouds
    7.7 ° C
    9.3 °
    6.9 °
    87 %
    0kmh
    80 %
    Thu
    17 °
    Fri
    19 °
    Sat
    8 °
    Sun
    14 °
    Mon
    8 °
    spot_imgspot_img

    Latest Posts

    spot_img
    Pretoria
    scattered clouds
    9.6 ° C
    12 °
    7.4 °
    90 %
    1kmh
    44 %
    Thu
    20 °
    Fri
    22 °
    Sat
    12 °
    Sun
    18 °
    Mon
    12 °

    Trending Now

    spot_imgspot_imgspot_img

    Dive in!

    Join our Lifestyle subscribers, and start your fitness journey with us today.

    Take a look at our Privacy Policy for more info.

    Media Platform

    So many ideas are shared daily across our platforms, our audience discover areas of interest and use the platforms in an educational capacity, to inform and inspire people to appreciate different perspectives and better understand the world around them on a range of topics.

    en English
    X