09/01/2021 at 12:27 PM CEST
A vulnerability in Microsoft’s Azure cloud service left to several thousand customers susceptible to cyberattacks. The tech giant warned its customers about the bug in its database service after security company Wiz discovered and reported it. This is assured by North American media such as Engadget.
Azure customers, including companies like Coca-Cola, use Cosmos DB to manage the huge amounts of data they collect in real time. The company explained that he found a number of flaws in the Cosmos DB function called Jupyter Notebook that gives customers a way to visualize their data. That feature has been around since 2019, but it was activated for all Cosmos DB customers last February. Wiz said that a series of misconfigurations on the laptop created a loophole allowing any user to “download, delete or manipulate a massive collection of commercial databasesas well as read / write access to the underlying architecture of Cosmos DB. “
Yes OK the security company praised Microsoft for disabling the laptop within 48 hours post alert about the problem and by notifying about 30 percent of his customers, he warned that more customers may be at risk. Microsoft only notified customers who were affected during Wiz’s one-week investigation period in early August.
This is the latest in a series of bad security news for Microsoft over the past year. In February, the tech giant revealed that hackers at SolarWinds accessed and downloaded the source code from Azure. Something that turned out to be incredibly serious since it is one of the most used applications in the world.