Detecting a vulnerability that makes 3,000 companies using Microsoft Azure vulnerable to hackers reading data over the past 2 years
Microsoft has just been forced to notify more than 3,000 organizations and businesses, including giants like ExxonMobil, Walgreens, Coca Cola, Symantec, Zeiss. about potential security risks.
Specifically, the Azure platform that the above businesses are using has a vulnerability that allows any hacker access to read, edit, and delete data stored on Azure Cosmos DB database for more than 2 years. past 2 years.
This vulnerability was discovered by security company Wiz and named "ChaosDB". It is related to a series of configuration errors in the display feature of Jupiter Notebook, which Microsoft added to Cosmos DB in 2019. Jupiter Notebook is enabled by default in all installations of Cosmos DB.
Wiz reported the issue to Microsoft on August 12. By August 14, Microsoft had found a fix. Up to now, according to Microsoft, there is no sign of this vulnerability being exploited by hackers.
After discovering the problem, Wiz advised all companies using Cosmos DB to regenerate the access key and take other security measures. Businesses should double-check Cosmos DB security measures even if your business doesn't receive a warning from Microsoft.
Microsoft also rewarded Wiz $40,000 for reporting the vulnerability to them.
You should read it
- Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
- Detected a serious zero-day vulnerability in Microsoft Office, click the document file and it will stick
- Windows Azure will change its name to Microsoft Azure
- Microsoft demonstrated the Azure cloud platform
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
- How to Create a Windows Azure SQL Database
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- Detects a vulnerability that threatens all Windows computers shipped from 2012 up to now
- 12-year vulnerability in pkexec gives hackers root privileges on Linux
- What is Azure Sphere?
- Serious vulnerability in Microsoft Word is being used by hackers to install malware on computers
- Microsoft urges Admin to patch PowerShell vulnerability on Windows
Maybe you are interested
9 Tips and Tricks to Get the Most Out of Microsoft Clipchamp
Looking Back at Microsoft Edge in 2024: The Impressive Numbers
A look at Windows 10 and 11 features Microsoft has removed or stopped supporting in 2024
What is Microsoft Azure Certification?
Cybercriminals are using Microsoft Teams calls to commit fraud
Microsoft officially supports sharing files from iPhone to Windows using Phone Link application