Security News
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances services that could have been exploited by a malicious actor "To access other customers' information" in what the researcher described as the "First cross-account container takeover in the public cloud." Azure Container Instances is a managed service that allows users to run Docker containers directly in a serverless cloud environment, without requiring the use of virtual machines, clusters, or orchestrators.
Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform.An adversary exploiting Azurescape could execute commands in the other users' containers and gain access to all their data deployed to the platform, the researchers say.
Microsoft today revealed it fixed a vulnerability in its Azure Container Instances services that could have been exploited by a malicious user "To access other customers' information." Azure Container Instances is a serverless container environment.
Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users' data without authorization. To mitigate the risk and block attackers who might've stolen your Cosmos DB primary read-write keys before the vulnerable feature was disabled, Microsoft advises regenerating the Cosmos DB keys.
A critical security vulnerability in Microsoft's Azure cloud database platform - Cosmos DB - could have allowed full remote takeover of accounts, with admin rights to read, write and delete any information to a database instance. "Azure Cosmos DB built-in Jupyter Notebooks are directly integrated into the Azure portal and your Azure Cosmos DB accounts, making them convenient and easy to use," according to Microsoft's documentation.
On Thursday, the company sent warnings to "Thousands" of its cloud computing customers, explaining that "Intruders" could have access to their databases, according to Reuters. On Thursday, Microsoft alerted cloud customers that uninvited guests could have access to their databases, according to Reuters.
Microsoft has warned thousands of Azure customers that a now-fixed critical vulnerability found in Cosmos DB allowed any user to remotely take over other users' databases by giving them full admin access without requiring authorization. "Microsoft has recently become aware of a vulnerability in Azure Cosmos DB that could potentially allow a user to gain access to another customer's resources by using the account's primary read-write key," the company told customers.
Infosec outfit Wiz has revealed that Microsoft's flagship Azure database Cosmos DB could have been exploited to grant any Azure user full admin access - including the ability to read, write and delete data - to any Cosmos DB instance on Azure. Wiz has named the flaw ChaosDB. "By exploiting a chain of vulnerabilities in the Jupyter Notebook feature of Cosmos DB, a malicious actor can query information about the target Cosmos DB Jupyter Notebook," reads Wiz's explanation.
Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. Cosmos DB is Microsoft's proprietary NoSQL database that's advertised as "a fully managed service" that "Takes database administration off your hands with automatic management, updates and patching."
Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. Cosmos DB is Microsoft's proprietary NoSQL database that's advertised as "a fully managed service" that "Takes database administration off your hands with automatic management, updates and patching."