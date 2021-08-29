

Researchers, cybersecurity agency urge action by Microsoft cloud database users

By REUTERS
2021/08/29 10:26
FILE - This April 12, 2016, file photo shows the Microsoft logo in Issy-les-Moulineaux, outside Paris, France. Tech giant Microsoft said Thursday, Jul...

Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp's (MSFT.O) Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.

As first reported by Reuters, researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.

Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers' databases, then notified some users Thursday to change their keys.

In a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period. It found no evidence that any attackers had used the same flaw to get into customer data, it noted.

"Our investigation shows no unauthorized access other than the researcher activity," Microsoft wrote. "Notifications have been sent to all customers that could be potentially affected due to researcher activity," it said, perhaps referring to the chance that the technique had leaked from Wiz.

"Though no customer data was accessed, it is recommended you regenerate your primary read-write keys," it said.

The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin Friday, making clear it was speaking not just to those notified.

"CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key," the agency said.

Experts at Wiz, founded by four veterans of Azure's in-house security team, agreed.

"In my estimation, it's really hard for them, if not impossible, to completely rule out that someone used this before," said one of the four, Wiz Chief Technology Officer Ami Luttwak. At Microsoft he developed tools for logging cloud security incidents.

Microsoft did not give a direct answer when asked if it had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured, or had used another way to rule out access abuse.

"We expanded our search beyond the researcher's activities to look for all possible activity for current and similar events in the past," said spokesman Ross Richendrfer, declining to address other questions.

Wiz said Microsoft had worked closely with it on the research but had declined to say how it could be sure earlier customers were safe.

"It's terrifying. I really hope that no one besides us found this bug," said one of the lead researchers on the project at Wiz, Sagi Tzadik.
Updated : 2021-08-29 10:57 GMT+08:00