Vulnerability discovered that left 3,000 companies using Microsoft Azure exposed to hackers reading their data for the past 2 years
Microsoft has just been forced to notify more than 3,000 organizations and businesses, including giants like ExxonMobil, Walgreens, Coca-Cola, Symantec, and Zeiss, about potential security risks.
Specifically, the Azure platform that these businesses use has a vulnerability that, for more than 2 years, allowed any hacker to read, edit, and delete data stored in the Azure Cosmos DB database.
This vulnerability was discovered by security company Wiz and named "ChaosDB". It is related to a series of configuration errors in the display feature of Jupyter Notebook, which Microsoft added to Cosmos DB in 2019. Jupyter Notebook is enabled by default in all installations of Cosmos DB.
Wiz reported the issue to Microsoft on August 12. By August 14, Microsoft had found a fix. Up to now, according to Microsoft, there is no sign of this vulnerability being exploited by hackers.
After discovering the problem, Wiz advised all companies using Cosmos DB to regenerate their access keys and take other security measures. Businesses should double-check their Cosmos DB security measures even if they have not received a warning from Microsoft.
Microsoft also paid Wiz a $40,000 reward for reporting the vulnerability.