• Registered: 2021-02-01
  • Posts: 196

Topic: Researchers, cybersecurity agency urge action by Microsoft cloud datab

Researchers, cybersecurity agency urge action by Microsoft cloud database users


https://onecms-res.cloudinary.com/image/upload/s--H-UjD43m--/c_crop%2Ch_450%2Cw_800%2Cx_0%2Cy_70/c_fill%2Cg_auto%2Ch_468%2Cw_830/fl_relative%2Cg_south_east%2Cl_one-cms:core:watermark:reuters%2Cw_0.1/f_auto%2Cq_auto/v1/one-cms/core/2021-08-19t162618z_1_lynxmpeh7i0ww_rtroptp_3_microsoft-results.jpg?itok=LlJiAQo8


Researchers who discovered a massive flaw in the main databases stored in Microsoft's Azure cloud platform on Saturday (Aug 28) urged all users to change their digital access keys, not just the 3,300 it notified this week.

Important things before แนะนำเว็บสล็อต or other online gambling games is to understand How to play slots well Because various online gambling games, including slots, have quite a variety of game formats. Each game has a way to play. Or a different format. Education, understand how to play thoroughly before. will help you understand the game Finally, it will be able to play out well. until finally making money Make good profits.

As first reported by Reuters, researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.

Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers' databases, then notified some users Thursday to change their keys.

In a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period. It found no evidence that any attackers had used the same flaw to get into customer data, it noted.

"Our investigation shows no unauthorized access other than the researcher activity," Microsoft wrote. "Notifications have been sent to all customers that could be potentially affected due to researcher activity," it said, perhaps referring to the chance that the technique had leaked from Wiz.

"Though no customer data was accessed, it is recommended you regenerate your primary read-write keys," it said.

The US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin Friday, making clear it was speaking not just to those notified.