"Intruders" in the cloud: Microsoft warns "thousands" of customers about potential exposure

3 years ago 412

On Thursday, the institution sent warnings to "thousands" of its unreality computing customers, explaining that "intruders" could person entree to their databases, according to Reuters.

cloud.jpg

Image: GettyImages/da-kuk

In caller months, a drawstring of cyberattacks has rippled done captious aspects of U.S. infrastructure ranging from petroleum and nutrient accumulation to local h2o supplies, starring to state shortages and big ransomware payouts. On Thursday, Microsoft alerted unreality customers that uninvited guests could person entree to their databases, according to Reuters.

SEE: Security incidental effect policy (TechRepublic Premium)

Intruders successful the cloud: What happened?

On Thursday, Microsoft sent warnings to "thousands" of the company's unreality computing customers, explaining that "intruders could person the quality to read, alteration oregon adjacent delete their main databases," according to a Reuters report published the aforesaid time citing a cybersecurity researcher and a transcript of the informing email.

Researchers astatine the cybersecurity institution Wiz recovered the vulnerability successful Microsoft Azure's Cosmos DB database, according to Reuters, and were "able to entree keys that power entree to databases held by thousands of companies." Since Microsoft is incapable to alteration these keys, Reuters said the institution emailed customers directing them to marque caller keys.

The Microsoft informing to customers said the institution had "no denotation that outer entities extracurricular the researcher (Wiz) had entree to the superior read-write key," according to Reuters.

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

The Wiz squad discovered the flaw successful Jupyter Notebook earlier this period and alerted Microsoft a fewer days aboriginal and the institution was paid $40,000 for uncovering the vulnerability, according to Reuters. Wiz's Chief Technology Officer Ami Luttwak described the flaw arsenic "the worst unreality vulnerability you tin imagine. It is simply a long-lasting secret," adding that they "were capable to get entree to immoderate lawsuit database that we wanted," successful an interrogation with Reuters. 

"We fixed this contented instantly to support our customers harmless and protected. We convey the information researchers for moving nether Coordinated Vulnerability Disclosure," said a Microsoft spokesperson.

Ransomware payouts surge

A fig of high-profile cyberattacks person brought conversations surrounding information beforehand and halfway for companies astir the globe. On average, ransomware payments surged 82% to $570,000 successful the archetypal six months of 2021, according to Unit 42's Ransomware Threat Report.

In the aftermath of the Colonial Pipeline attack, the institution paid Darkside hackers much than $4 million, according to a Wall Street Journal interview with the CEO. Following the JBS attack, the institution paid the REvil radical a whopping $11 million.

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also spot

Read Entire Article