Monday, April 29, 2024

Vogon Today

Selected News from the Galaxy

StartMag

Cloud, another flaw for Azure. What happens to Microsoft?

3 years ago babelfish

Cloud, another flaw for Azure. What happens to Microsoft?

Microsoft has warned Azure customers of a flaw that may have allowed hackers to access data

One more security flaw in Microsoft Azure.

Microsoft warned yesterday that its Azure cloud computing service encountered a flaw that would have allowed hackers to access customer data.

In a blog post , the tech giant claimed to have corrected the flaw reported by Palo Alto Networks. Furthermore, the company has assured that it has no evidence that hackers have abused the flaw.

However, Microsoft has advised some customers to change their login credentials as a precaution.

The one reported is the second major flaw revealed in Microsoft's Azure system within a few weeks. At the end of August, Microsoft warned thousands of customers of its cloud computing service of a flaw in the system that would have allowed any attackers to read, modify or delete the data contained in the Azure Cosmos DB database.

All the details.

THE FOUL FOUND BY PAOLO ALTO NETWORKS

In an interview, Palo Alto Networks researcher Ariel Zelivansky said his team managed to bypass the Azure system. The flaw concerned Azure containers using code that had yet to be updated to fix a vulnerability.

As a result, the team gained full control of a cluster that included other users' containers.

THE COMMENT OF THE EXPERTS

"This is the first attack on a cloud provider that uses container escape to control other accounts," said container security expert Ian Coldwater, who reviewed Palo Alto's work at the request of Reuters .

Coldwater told Reuters that the problem reflects a failure to patch (a piece of software designed to update or improve a program) in a timely manner, something Microsoft has often blamed its customers for. "Keeping the code up to date is very important," reiterated the expert. "Many of the things that made this attack possible would no longer be possible with modern, up-to-date software." Coldwater said some security software used by cloud customers would detect malicious attacks such as the one predicted by the company's own security company and that the logs would also show signs of such activity.

THE REPORTING TO MICROSOFT

Palo Alto reported the issue to Microsoft in July.

The effort took the Palo Alto team several months of work. At the end of which he agreed that the malicious hackers probably hadn't used a similar method in the actual attacks.

THE SECOND BIG FAULT FOR THE REDMOND COLOSSUS

Good news then, but not exactly for Microsoft. This is in fact the second major flaw found in Microsoft's main Azure system within a few weeks.

In late August, Wiz security experts discovered a database flaw that would have allowed a customer to tamper with someone else's data. The flaw would have allowed any customer using Microsoft's Azure Cosmos database to read, write, and delete another user's information without permission. Cosmos DB is used by thousands of organizations, including Coca-Cola, Exxon Mobil, and a number of other Fortune 500 companies.

THE NOTICE OF CISA

Meanwhile, the US cyber security agency also intervened in the Microsoft case.

On August 30, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (Cisa) urged Microsoft's cloud customers to restore security keys in light of the recent vulnerability that may have exposed customer data.

This is the second time that Cisa has warned users of an urgent Microsoft vulnerability.

As early as August 21, CISA issued an urgent warning that cybercriminals were actively exploiting a months-long vulnerability in Microsoft ProxyShell to attack corporate servers and deliver ransomware.

DANGER CLOUD ATTACK?

Palo Alto researcher Zelivansky told Reuters that while cloud architectures are generally secure, Microsoft and other cloud service providers can make fixes rather than rely on customers to apply updates.

"Despite this, Zelivansky concluded," cloud attacks by well-funded adversaries, including national governments, are a valid concern. "

THE REPUTATION OF MICROSOFT

Another blow to Microsoft's reputation for cybersecurity. After the massive SolarWinds cyberattack (even Microsoft systems were exposed) there were infiltrations into Microsoft Exchange servers.

Also this summer, the Pentagon canceled the $ 10 billion Jedi (Joint Enterprise Defense Infrastructure) contract at the center of a legal battle between Microsoft and Amazon. The contract, to modernize the Defense Department's IT operations, was awarded to Microsoft in 2019. However, the Jeff Bezos giant had filed an appeal accusing then-president Donald Trump of bias.

When Microsoft was awarded the contract it was a surprise. In fact, most analysts predicted that the contract would be awarded to Amazon Web Services (AWS), Amazon's market-leading cloud division.

When it comes to cloud computing, Amazon controls about a third of the market with AWS. In addition, the company has a number of government contracts, including the CIA. By comparison, analysts estimate that Microsoft has only captured about 20% of the market.

According to Business Insider , the Jedi program was a huge vote of confidence for Microsoft from its most important client, the United States government.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/cybersecurity-altra-falla-per-azure-che-succede-a-microsoft/ on Thu, 09 Sep 2021 13:36:18 +0000.