AshLim
2021-08-29
[惊讶]
Researchers, cybersecurity agency urge action by Microsoft cloud database users
免责声明:上述内容仅代表发帖人个人观点,不构成本平台的任何投资建议。
分享至
微信
复制链接
精彩评论
我们需要你的真知灼见来填补这片空白
打开APP,发表看法
APP内打开
发表看法
3
{"i18n":{"language":"zh_CN"},"detailType":1,"isChannel":false,"data":{"magic":2,"id":813549235,"tweetId":"813549235","gmtCreate":1630219193627,"gmtModify":1704957196959,"author":{"id":3561324941812646,"idStr":"3561324941812646","authorId":3561324941812646,"authorIdStr":"3561324941812646","name":"AshLim","avatar":"https://static.laohu8.com/default-avatar.jpg","vip":1,"userType":1,"introduction":"","boolIsFan":false,"boolIsHead":false,"crmLevel":2,"crmLevelSwitch":0,"individualDisplayBadges":[],"fanSize":1,"starInvestorFlag":false},"themes":[],"images":[],"coverImages":[],"extraTitle":"","html":"<html><head></head><body><p><span>[惊讶] </span></p></body></html>","htmlText":"<html><head></head><body><p><span>[惊讶] </span></p></body></html>","text":"[惊讶]","highlighted":1,"essential":1,"paper":1,"likeSize":3,"commentSize":0,"repostSize":0,"favoriteSize":0,"link":"https://laohu8.com/post/813549235","repostId":2163304079,"repostType":4,"repost":{"id":"2163304079","kind":"news","pubTimestamp":1630193325,"share":"https://www.laohu8.com/m/news/2163304079?lang=&edition=full","pubTime":"2021-08-29 07:28","market":"us","language":"en","title":"Researchers, cybersecurity agency urge action by Microsoft cloud database users","url":"https://stock-news.laohu8.com/highlight/detail?id=2163304079","media":"Reuters","summary":"(Reuters) - Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp","content":"<p>(Reuters) - Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp's Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.</p>\n<p>As first reported by Reuters https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26, researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.</p>\n<p>Alerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers' databases, then notified some users Thursday to change their keys.</p>\n<p>In a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period. It found no evidence that any attackers had used the same flaw to get into customer data, it noted.</p>\n<p>\"Our investigation shows no unauthorized access other than the researcher activity,\" Microsoft wrote. \"Notifications have been sent to all customers that could be potentially affected due to researcher activity,\" it said, perhaps referring to the chance that the technique had leaked from Wiz.</p>\n<p>\"Though no customer data was accessed, it is recommended you regenerate your primary read-write keys,\" it said.</p>\n<p>The U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin Friday, making clear it was speaking not just to those notified.</p>\n<p>\"CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key,\" the agency said https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/microsoft-azure-cosmos-db-guidance.</p>\n<p>Experts at Wiz, founded by four veterans of Azure's in-house security team, agreed.</p>\n<p>\"In my estimation, it's really hard for them, if not impossible, to completely rule out that someone used this before,\" said <a href=\"https://laohu8.com/S/AONE.U\">one</a> of the four, Wiz Chief Technology Officer Ami Luttwak. At Microsoft he developed tools for logging cloud security incidents.</p>\n<p>Microsoft did not give a direct answer when asked if it had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured, or had used another way to rule out access abuse.</p>\n<p>\"We expanded our search beyond the researcher's activities to look for all possible activity for current and similar events in the past,\" said spokesman Ross Richendrfer, declining to address other questions.</p>\n<p>Wiz said Microsoft had worked closely with it on the research but had declined to say how it could be sure earlier customers were safe.</p>\n<p>\"It's terrifying. I really hope than no one besides us found this bug,\" said one of the lead researchers on the project at Wiz, Sagi Tzadik.</p>","source":"yahoofinance","collect":0,"html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>Researchers, cybersecurity agency urge action by Microsoft cloud database users</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nResearchers, cybersecurity agency urge action by Microsoft cloud database users\n</h2>\n\n<h4 class=\"meta\">\n\n\n2021-08-29 07:28 GMT+8 <a href=https://finance.yahoo.com/news/researchers-cybersecurity-agency-urge-action-232845273.html><strong>Reuters</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>(Reuters) - Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp's Azure cloud platform on Saturday urged all users to change their digital access keys, not just ...</p>\n\n<a href=\"https://finance.yahoo.com/news/researchers-cybersecurity-agency-urge-action-232845273.html\">Web Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","type":0,"thumbnail":"","relate_stocks":{"MSFT":"微软"},"source_url":"https://finance.yahoo.com/news/researchers-cybersecurity-agency-urge-action-232845273.html","is_english":true,"share_image_url":"https://static.laohu8.com/5f26f4a48f9cb3e29be4d71d3ba8c038","article_id":"2163304079","content_text":"(Reuters) - Researchers who discovered a massive flaw in the main databases stored in Microsoft Corp's Azure cloud platform on Saturday urged all users to change their digital access keys, not just the 3,300 it notified this week.\nAs first reported by Reuters https://www.reuters.com/technology/exclusive-microsoft-warns-thousands-cloud-customers-exposed-databases-emails-2021-08-26, researchers at a cloud security company called Wiz discovered this month they could have gained access to the primary digital keys for most users of the Cosmos DB database system, allowing them to steal, change or delete millions of records.\nAlerted by Wiz, Microsoft rapidly fixed the configuration mistake that would have made it easy for any Cosmos user to get into other customers' databases, then notified some users Thursday to change their keys.\nIn a blog post Friday, Microsoft said it warned customers which had set up Cosmos access during the weeklong research period. It found no evidence that any attackers had used the same flaw to get into customer data, it noted.\n\"Our investigation shows no unauthorized access other than the researcher activity,\" Microsoft wrote. \"Notifications have been sent to all customers that could be potentially affected due to researcher activity,\" it said, perhaps referring to the chance that the technique had leaked from Wiz.\n\"Though no customer data was accessed, it is recommended you regenerate your primary read-write keys,\" it said.\nThe U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency used stronger language in a bulletin Friday, making clear it was speaking not just to those notified.\n\"CISA strongly encourages Azure Cosmos DB customers to roll and regenerate their certificate key,\" the agency said https://us-cert.cisa.gov/ncas/current-activity/2021/08/27/microsoft-azure-cosmos-db-guidance.\nExperts at Wiz, founded by four veterans of Azure's in-house security team, agreed.\n\"In my estimation, it's really hard for them, if not impossible, to completely rule out that someone used this before,\" said one of the four, Wiz Chief Technology Officer Ami Luttwak. At Microsoft he developed tools for logging cloud security incidents.\nMicrosoft did not give a direct answer when asked if it had comprehensive logs for the two years when the Jupyter Notebook feature was misconfigured, or had used another way to rule out access abuse.\n\"We expanded our search beyond the researcher's activities to look for all possible activity for current and similar events in the past,\" said spokesman Ross Richendrfer, declining to address other questions.\nWiz said Microsoft had worked closely with it on the research but had declined to say how it could be sure earlier customers were safe.\n\"It's terrifying. I really hope than no one besides us found this bug,\" said one of the lead researchers on the project at Wiz, Sagi Tzadik.","news_type":1},"isVote":1,"tweetType":1,"viewCount":560,"commentLimit":10,"likeStatus":false,"favoriteStatus":false,"reportStatus":false,"symbols":[],"verified":2,"subType":0,"readableState":1,"langContent":"CN","currentLanguage":"CN","warmUpFlag":false,"orderFlag":false,"shareable":true,"causeOfNotShareable":"","featuresForAnalytics":[],"commentAndTweetFlag":false,"andRepostAutoSelectedFlag":false,"upFlag":false,"length":6,"xxTargetLangEnum":"ZH_CN"},"commentList":[],"isCommentEnd":true,"isTiger":false,"isWeiXinMini":false,"url":"/m/post/813549235"}
精彩评论