IQcute
2021-08-27
[惊讶]
Microsoft Cloud Databases Vulnerable for Years, Researchers Say
免责声明:上述内容仅代表发帖人个人观点,不构成本平台的任何投资建议。
分享至
微信
复制链接
精彩评论
我们需要你的真知灼见来填补这片空白
打开APP,发表看法
APP内打开
发表看法
{"i18n":{"language":"zh_CN"},"detailType":1,"isChannel":false,"data":{"magic":2,"id":819328857,"tweetId":"819328857","gmtCreate":1630036118779,"gmtModify":1704954977365,"author":{"id":4092174983483640,"authorId":4092174983483640,"authorIdStr":"4092174983483640","name":"IQcute","avatar":"https://static.tigerbbs.com/b06a3be78c20359230ff855c40659944","vip":1,"userType":1,"introduction":"","boolIsFan":false,"boolIsHead":false,"crmLevel":2,"crmLevelSwitch":0,"individualDisplayBadges":[],"fanSize":48,"starInvestorFlag":false},"themes":[],"images":[],"coverImages":[],"extraTitle":"","html":"<html><head></head><body><p><span>[惊讶] </span></p></body></html>","htmlText":"<html><head></head><body><p><span>[惊讶] </span></p></body></html>","text":"[惊讶]","highlighted":1,"essential":1,"paper":1,"likeSize":0,"commentSize":0,"repostSize":0,"favoriteSize":0,"link":"https://laohu8.com/post/819328857","repostId":2162017845,"repostType":2,"repost":{"id":"2162017845","pubTimestamp":1630034224,"share":"https://www.laohu8.com/m/news/2162017845?lang=&edition=full","pubTime":"2021-08-27 11:17","market":"us","language":"en","title":"Microsoft Cloud Databases Vulnerable for Years, Researchers Say","url":"https://stock-news.laohu8.com/highlight/detail?id=2162017845","media":"Bloomberg","summary":"(Bloomberg) -- A vulnerability in Microsoft Inc.’s cloud database system left data at thousands of c","content":"<p>(Bloomberg) -- A vulnerability in Microsoft Inc.’s cloud database system left data at thousands of clients exposed to potential cyberattacks for about two years, according to the Israeli cybersecurity firm that discovered the bug.</p>\n<p>More than 3,300 of the software giant’s customers were exposed to a flaw in its Azure Cosmos DB database product that could have granted a malicious actor access keys to steal, edit or delete sensitive data, according to researchers at the Tel Aviv-based Wiz.io. Wiz’s co-founder and Chief Technology Officer Ami Luttwak says his team of researchers discovered the vulnerability on Aug. 9 while managing security for some of its own Fortune 500 clients.</p>\n<p>Reuters reported earlier that Microsoft had warned thousands of its Azure customers on Thursday about the security flaw. In an email to clients that was reviewed by Bloomberg News, the software firm asked network administrators to take four steps to protect their Cosmos databases, including generating new digital keys used to securely access those systems.</p>\n<p>Microsoft says they’ve since fixed the vulnerability. “There is no evidence of this technique being exploited by malicious actors,” the company said in an emailed statement. “We are not aware of any customer data being accessed because of this vulnerability.”</p>\n<p>The Wiz researchers found that the vulnerability existed since mid-2019, when Microsoft added a new feature to Cosmos DB called Jupyter Notebooks. The add-on allows database managers to insert lines of code so they can visualize and interact with their data. The feature had to be toggled on by users until February 2021, when Microsoft activated Jupyter Notebooks by default.</p>\n<p>“If I’m a customer using the cloud database, my biggest fear is someone accessing my data without me knowing,” said Wiz’s Luttwak. “And that’s what this vulnerability would have done, if not corrected.”</p>\n<p>Cosmos DB counts companies including Exxon Mobil Corp., Coca-Cola Co. and Citrix Systems Inc. as clients, according to Microsoft’s website for the service. In a customer testimonial on the site, the Walgreens pharmacy chain says it processes more than 6 million prescriptions a day and the company uses Azure Cosmos DB to run “microservices that its prescription transactions rely on.”</p>","source":"yahoofinance","collect":0,"html":"<!DOCTYPE html>\n<html>\n<head>\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" />\n<meta name=\"viewport\" content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\"/>\n<meta name=\"format-detection\" content=\"telephone=no,email=no,address=no\" />\n<title>Microsoft Cloud Databases Vulnerable for Years, Researchers Say</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\nMicrosoft Cloud Databases Vulnerable for Years, Researchers Say\n</h2>\n\n<h4 class=\"meta\">\n\n\n2021-08-27 11:17 GMT+8 <a href=https://finance.yahoo.com/news/microsoft-cloud-databases-vulnerable-years-031704719.html><strong>Bloomberg</strong></a>\n\n\n</h4>\n\n</header>\n<article>\n<div>\n<p>(Bloomberg) -- A vulnerability in Microsoft Inc.’s cloud database system left data at thousands of clients exposed to potential cyberattacks for about two years, according to the Israeli cybersecurity...</p>\n\n<a href=\"https://finance.yahoo.com/news/microsoft-cloud-databases-vulnerable-years-031704719.html\">Web Link</a>\n\n</div>\n\n\n</article>\n</div>\n</body>\n</html>\n","type":0,"thumbnail":"","relate_stocks":{"KO":"可口可乐","MSFT":"微软","XOM":"埃克森美孚","CTXS":"思杰系统"},"source_url":"https://finance.yahoo.com/news/microsoft-cloud-databases-vulnerable-years-031704719.html","is_english":true,"share_image_url":"https://static.laohu8.com/5f26f4a48f9cb3e29be4d71d3ba8c038","article_id":"2162017845","content_text":"(Bloomberg) -- A vulnerability in Microsoft Inc.’s cloud database system left data at thousands of clients exposed to potential cyberattacks for about two years, according to the Israeli cybersecurity firm that discovered the bug.\nMore than 3,300 of the software giant’s customers were exposed to a flaw in its Azure Cosmos DB database product that could have granted a malicious actor access keys to steal, edit or delete sensitive data, according to researchers at the Tel Aviv-based Wiz.io. Wiz’s co-founder and Chief Technology Officer Ami Luttwak says his team of researchers discovered the vulnerability on Aug. 9 while managing security for some of its own Fortune 500 clients.\nReuters reported earlier that Microsoft had warned thousands of its Azure customers on Thursday about the security flaw. In an email to clients that was reviewed by Bloomberg News, the software firm asked network administrators to take four steps to protect their Cosmos databases, including generating new digital keys used to securely access those systems.\nMicrosoft says they’ve since fixed the vulnerability. “There is no evidence of this technique being exploited by malicious actors,” the company said in an emailed statement. “We are not aware of any customer data being accessed because of this vulnerability.”\nThe Wiz researchers found that the vulnerability existed since mid-2019, when Microsoft added a new feature to Cosmos DB called Jupyter Notebooks. The add-on allows database managers to insert lines of code so they can visualize and interact with their data. The feature had to be toggled on by users until February 2021, when Microsoft activated Jupyter Notebooks by default.\n“If I’m a customer using the cloud database, my biggest fear is someone accessing my data without me knowing,” said Wiz’s Luttwak. “And that’s what this vulnerability would have done, if not corrected.”\nCosmos DB counts companies including Exxon Mobil Corp., Coca-Cola Co. and Citrix Systems Inc. as clients, according to Microsoft’s website for the service. In a customer testimonial on the site, the Walgreens pharmacy chain says it processes more than 6 million prescriptions a day and the company uses Azure Cosmos DB to run “microservices that its prescription transactions rely on.”","news_type":1},"isVote":1,"tweetType":1,"viewCount":124,"commentLimit":10,"likeStatus":false,"favoriteStatus":false,"reportStatus":false,"symbols":[],"verified":2,"subType":0,"readableState":1,"langContent":"CN","currentLanguage":"CN","warmUpFlag":false,"orderFlag":false,"shareable":true,"causeOfNotShareable":"","featuresForAnalytics":[],"commentAndTweetFlag":false,"upFlag":false,"length":6,"xxTargetLangEnum":"ZH_CN"},"commentList":[],"isCommentEnd":true,"isTiger":false,"isWeiXinMini":false,"url":"/m/post/819328857"}
精彩评论