Microsoft has informed Purplish Blue clients that a defect in the framework might have permitted the robbery of information put away on the stage. Microsoft cautioned some Sky Blue distributed computing stage clients that a blemish found by web security specialists could permit programmers to get to their information.
42 distinguished the stressing blemish that endangered many organizations, including some Fortune 500. Subsequently, Wiz’s cyber security experts also published a report describing a flaw in the platform’s database, thanks to which a user could access and alter another customer’s data.
A few days ago, Microsoft published an official note in which he talks about the thwarted threat thanks to the new update, as there is no evidence of any attacks and the precautions Azure users can take. Also, in both cases, Microsoft has warned companies that they may have been at risk of data breaches. In any case, these are two reports of a security problem on the platform in a short time that remind us of the importance of monitoring and updating the cloud systems that organizations use to oversee a lot of information.
Two months ago, Microsoft managed to break through the virtual walls that separate the cloud containers in which companies store their data. To manage them, Azure used code that had yet to be updated, and researchers took advantage of it to gain full control of a cluster that included containers from some Azure customers.
At this point, for them, as well as for a possible hacker, the doors were opened to commit theft of sensitive data and sabotage the infrastructure of a specific user, with significant economic and business consequences. What happened, or to be precise could have happened, derives from a cross-account container takeover vulnerability: in practice, this vulnerability allows a user on the cloud to leave his environment, the container, and execute code on that of other accounts ( hence the expression cross) until taking control (takeover).
A month ago, in its latest research, the Wiz team highlighted a particular weakness of Azure’s flagship database: Cosmos DB. A series of bugs within a database feature had created a “loophole” that allowed any user to download and manipulate other commercial databases and the architecture underpinning Cosmos DB services.
The hashtag #ChaosDB was born from the story, which describes the extent that such an attack, once completed, could have on many companies.
A Path Of Continuous Improvement And Attention
“Keeping the code up to date is important. Many things that made this attack possible would no longer be possible with modern software.” Cloud-native cybersecurity specialist. Prevention against attacks that are becoming more and more frequent and dangerous for companies passes above all from the correct software maintenance and a daily check of the possible bugs in the infrastructure.
The cloud for companies represents the only system capable of guaranteeing flexibility and scalability. Indispensable qualities for today’s businesses that have to manage huge amounts of data and face the challenges related to remote working in terms of collaboration and sharing of important information.
It is important to choose cloud providers that operate according to high-security standards: we speak of a “defense in depth” approach (or Defense in Depth) to protect the infrastructure and guarantee the integrity of the information. In recent years, Google Cloud has invested in developing cybersecurity solutions and products capable of supporting companies in achieving corporate, regulatory, and governance objectives. The rich set of controls and features allows for high security and customization without compromising performance.