After the known vulnerability in Microsoft Azure and the Cosmos DB, security experts are now warning all users to act quickly. Microsoft downplayed the problem and only issued warnings to a few database users.
The Reuters news agency reported that researchers at the cloud security company Wiz had uncovered a massive security problem in Azure. The vulnerability that was found gave attackers access to databases in thousands of Microsoft Azure instances – unauthorized persons could then read, change or even delete data there. Microsoft acted quickly, located the configuration error, and was able to close the vulnerability.
Microsoft’s contacted users
Security experts are now criticizing the whole further procedure of the group. According to Reuters, 3300 Azure users were contacted and asked to create new credentials. This is a security measure in the event that despite previous information, cybercriminals are already exploiting the security gap for themselves. “Although no customer data has been accessed, it is recommended that you regenerate primary read / write keys,” Microsoft urged.
But that is not enough for the US security agency CISA (Cybersecurity and Infrastructure Security Agency). A security warning stated: “CISA strongly encourages Azure Cosmos DB customers to regenerate their certificate key.” This applies to all users and not just to the part that Microsoft has contacted. Anything else is irresponsible, underlined a researcher from Wiz: “In my opinion, it is really difficult, if not impossible, for you (Microsoft) to rule out completely that someone has used this loophole before,” said Wiz Chief Technology Officer Ami Luttwak.
At Microsoft, he once developed tools for logging cloud security incidents and is now in close contact with the Azure developers. The security researcher is convinced that the problem is bigger than it is communicated to the outside world.
Manager at Research Snipers, RS-NEWS, Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.