CL777
2021-08-27
That’s serious
Microsoft warns thousands of cloud customers of exposed databases
免责声明:上述内容仅代表发帖人个人观点,不构成本平台的任何投资建议。
分享至
微信
复制链接
精彩评论
我们需要你的真知灼见来填补这片空白
打开APP,发表看法
APP内打开
发表看法
8
6
{"i18n":{"language":"zh_CN"},"detailType":1,"isChannel":false,"data":{"magic":2,"id":819036126,"tweetId":"819036126","gmtCreate":1630021656165,"gmtModify":1704954625042,"author":{"id":3560241002253187,"idStr":"3560241002253187","authorId":3560241002253187,"authorIdStr":"3560241002253187","name":"CL777","avatar":"https://static.tigerbbs.com/e9aef3dd830373a0427a3447b1b564e3","vip":1,"userType":1,"introduction":"","boolIsFan":false,"boolIsHead":false,"crmLevel":6,"crmLevelSwitch":0,"individualDisplayBadges":[],"fanSize":1026,"starInvestorFlag":false},"themes":[],"images":[],"coverImages":[],"extraTitle":"","html":"<html><head></head><body><p>That’s serious </p></body></html>","htmlText":"<html><head></head><body><p>That’s serious </p></body></html>","text":"That’s serious","highlighted":1,"essential":1,"paper":1,"likeSize":6,"commentSize":8,"repostSize":0,"favoriteSize":0,"link":"https://laohu8.com/post/819036126","repostId":2162199960,"repostType":4,"repost":{"id":"2162199960","pubTimestamp":1630020684,"share":"https://www.laohu8.com/m/news/2162199960?lang=&edition=full","pubTime":"2021-08-27 07:31","market":"us","language":"en","title":"Microsoft warns thousands of cloud customers of exposed databases","url":"https://stock-news.laohu8.com/highlight/detail?id=2162199960","media":"Reuters","summary":"SAN FRANCISCO (Reuters) - Microsoft on Thursday warned thousands of its cloud computing customers, i","content":"<p>SAN FRANCISCO (Reuters) - Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.</p>\n<p>The vulnerability is in Microsoft Azure's flagship Cosmos database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft's Cloud Security Group.</p>\n<p>Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz.</p>\n<p>Microsoft spokespeople did not immediately comment.</p>\n<p>Microsoft's email to customers said it has fixed the vulnerability and that there was no evidence the flaw had been exploited. \"We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key,\" according to a copy of the email seen by Reuters.</p>\n<p>“This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Luttwak told Reuters. “This is the central database of Azure, and we were able to get access to any customer database that we wanted.”</p>\n<p>Luttwak's team found the problem, dubbed ChaosDB, on Aug. 9 and notified Microsoft Aug. 12, Luttwak said.</p>\n<p>The disclosure comes after months of bad security news for Microsoft. The company was breached by the same suspected Russian government hackers that infiltrated SolarWinds, who stole Microsoft source code https://www.reuters.com/article/us-cyber-solarwinds-microsoft-idUSKBN2AI2Q0.</p>\n<p>A recent fix for a printer flaw that allowed computer takeovers had to be redone repeatedly. And an Exchange email flaw last week prompted an urgent U.S. government warning https://us-cert.cisa.gov/ncas/current-activity/2021/08/21/urgent-protect-against-active-exploitation-proxyshell that customers need to install patches issued months ago because ransomware gangs are now exploiting it.</p>","source":"yahoofinance","collect":0,"html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>Microsoft warns thousands of cloud customers of exposed databases</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nMicrosoft warns thousands of cloud customers of exposed databases\n</h2>\n\n<h4 class=\"meta\">\n\n\n2021-08-27 07:31 GMT+8 <a href=https://finance.yahoo.com/news/exclusive-microsoft-warns-thousands-cloud-233124698.html><strong>Reuters</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>SAN FRANCISCO (Reuters) - Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, ...</p>\n\n<a href=\"https://finance.yahoo.com/news/exclusive-microsoft-warns-thousands-cloud-233124698.html\">Web Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","type":0,"thumbnail":"","relate_stocks":{"MSFT":"微软"},"source_url":"https://finance.yahoo.com/news/exclusive-microsoft-warns-thousands-cloud-233124698.html","is_english":true,"share_image_url":"https://static.laohu8.com/5f26f4a48f9cb3e29be4d71d3ba8c038","article_id":"2162199960","content_text":"SAN FRANCISCO (Reuters) - Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.\nThe vulnerability is in Microsoft Azure's flagship Cosmos database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft's Cloud Security Group.\nBecause Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz.\nMicrosoft spokespeople did not immediately comment.\nMicrosoft's email to customers said it has fixed the vulnerability and that there was no evidence the flaw had been exploited. \"We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key,\" according to a copy of the email seen by Reuters.\n“This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Luttwak told Reuters. “This is the central database of Azure, and we were able to get access to any customer database that we wanted.”\nLuttwak's team found the problem, dubbed ChaosDB, on Aug. 9 and notified Microsoft Aug. 12, Luttwak said.\nThe disclosure comes after months of bad security news for Microsoft. The company was breached by the same suspected Russian government hackers that infiltrated SolarWinds, who stole Microsoft source code https://www.reuters.com/article/us-cyber-solarwinds-microsoft-idUSKBN2AI2Q0.\nA recent fix for a printer flaw that allowed computer takeovers had to be redone repeatedly. And an Exchange email flaw last week prompted an urgent U.S. government warning https://us-cert.cisa.gov/ncas/current-activity/2021/08/21/urgent-protect-against-active-exploitation-proxyshell that customers need to install patches issued months ago because ransomware gangs are now exploiting it.","news_type":1},"isVote":1,"tweetType":1,"viewCount":101,"commentLimit":10,"likeStatus":false,"favoriteStatus":false,"reportStatus":false,"symbols":[],"verified":2,"subType":0,"readableState":1,"langContent":"EN","currentLanguage":"EN","warmUpFlag":false,"orderFlag":false,"shareable":true,"causeOfNotShareable":"","featuresForAnalytics":[],"commentAndTweetFlag":false,"andRepostAutoSelectedFlag":false,"upFlag":false,"length":13,"xxTargetLangEnum":"ORIG"},"commentList":[],"isCommentEnd":true,"isTiger":false,"isWeiXinMini":false,"url":"/m/post/819036126"}
精彩评论