Cyber Security

Azure Exposes Data Amid Cloud Vulnerability

Microsoft’s Azure cloud platform has exposed the database and records of approximately 3,300 clients, and that also includes Fortune 500 enterprises as well. The clients had used a data-science feature that was made available on the platform since 2019. Per cloud security firm Wiz, researchers have recently discovered that one of the features present in the platform had allowed anyone to retrieve the data of other companies. In his article for Dark Reading, Robert Lemos shares insight on the incident and how Microsoft intends to tackle the situation.

Vulnerability in Jupyter Notebooks

The incident came to light when Microsoft discovered a privilege-escalation vulnerability in its Jupyter Notebooks that is considered a popular web application among data science users. This error allowed the researchers to exploit the primary database keys of other companies, that included Rolls Royce, Coca-Cola to name a few. Wiz informed Microsoft about the debacle within three days of its occurrence. Microsoft shut down the access to Jupyter Notebooks within 48 hours.

Resolving the Situation

Microsoft sent an advisory to all the customers whose data had been put at risk by Jupyter Notebooks. A May survey stated that although cloud service providers claim to be more capable of keeping their clients’ data safe and organized, a single vulnerability can risk the data of thousands of companies. The cloud service providers ensure the safety of clients’ data, but 60% of the users are concerned with their security when they move to cloud-native infrastructure.

Microsoft recently published instructions on how to secure access to Cosmos DBs a few days ago. Wiz and Microsoft recommended their clients manually revoke their access keys and generate new ones.

Click on the link to read the article:

Related Articles

Back to top button

We use cookies on our website

We use cookies to give you the best user experience. Please confirm, if you accept our tracking cookies. You can also decline the tracking, so you can continue to visit our website without any data sent to third party services.