This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
Microsoft warned thousands of its cloud computing customers, including some of the world’s largest organizations, that intruders might read, update, or even delete their major databases, according to a copy of the email and a cyber security researcher. Researchers uncovered a “serious” vulnerability in Cosmos DB, a flagship Microsoft Azure database product, that allows an attacker to read, write, and delete data belonging to Cosmos DB customers.
Microsoft’s proprietary database service Cosmos DB was launched in 2017 and is offered through the tech giant’s cloud computing platform Azure. Coca-Cola, ExxonMobil, and Schneider Electric are just a few of the world’s major organizations that utilize it to manage their data. Many of Microsoft’s own programmes, such as Skype, Xbox, and Office, use Cosmos DB.
Wiz’s research team realized it was possible to gain access to keys that controlled access to databases owned by tens of thousands of companies. Ami Luttwak, Wiz’s Chief Technology Officer, was previously the CTO of Microsoft’s Cloud Security Group. Because Microsoft is unable to alter those keys on its own, customers were emailed on Thursday and told to create new ones. According to an email from Microsoft to Wiz, the company promised to pay Wiz $40,000 for discovering and reporting the flaw.
Wiz, which was founded by ex-Microsoft workers, identified the flaw on August 9, 2021. Three days later, the cybersecurity firm notified Microsoft about the problem. Microsoft’s security teams disabled the vulnerable feature within 48 hours, according to Wiz.
There was no e
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.
Read the original article: Researchers Discovered a Vulnerability in Microsoft Azure’s Cosmos DB