

Updated · Jun 24, 2022
Updated · Feb 21, 2022
This month, researchers discovered a dangerous security vulnerability in Microsoft Azure that could give cybercriminals admin access to all user databases in Cosmos DB.
Researchers from the security company Wiz found that it was easy to obtain the primary keys to all databases. These keys give cybercriminals the ability to read, change or delete information.
The vulnerability might have been present since the 2019 release of Jupyter Notebook. The researchers called it ChaosDB.
Wiz CTO and former chief technology officer at Microsoft's Cloud Security Group Ami Luttwak said: "This is the worst cloud vulnerability you can imagine. It is a long-lasting secret. This is the central database of Azure, and we were able to get access to any customer database that we wanted".
Microsoft, however, cannot change the access keys. So, it sent mass emails to potentially affected customers to warn them about the issue.
The company also fixed the configuration mistake, which was the root of the issue.
"Our investigation shows no unauthorized access other than the researcher activity. Notifications have been sent to all customers that could be potentially affected due to researcher activity," Microsoft announced.
The case should serve as a warning for all database software users.
Statistics also show that:
Vulnerabilities similar to ChaosDB are just giving hackers the upper hand.
Teodora Dobrilova