Details about Microsoft Azure Cosmos DB vulnerability

576

Customers using Microsoft Azure cloud platform for their application needs are being warned against a new vulnerability that has been discovered recently by a security company named WIZ. The Cybersecurity firm has named the Cosmos DB vulnerability as ChaosDB vulnerability and warned that the flaw could have exposed content related to thousands of Azure clients to date.

Fortune 500 companies, such as T-Mobile and Coca-Cola, use CosmosDB platform to store vast amounts of data in real time. And Jupyter Notebook feature on the said platform allowed customers to visualize their data if/when configured.

Although the feature was optionally active from 2019, it was made mandatory for all Cosmos DB customers from Feb this year.

WIZ says that there is a susceptibility in the Jupyter (Jupiter) Notebook feature that could allow hackers to remotely download, delete, manipulate enormous amounts of data.

Microsoft received an alert from Wiz about the vulnerability last week, and its engineers worked on the issue and disabled the notebook feature to counter the susceptibility.

What’s concerning about this issue is that there is a high possibility that some hacker/s could have exploited the vulnerability long ago and could have accessed the stored data of clients from the database.

In the meantime, reports are in that Microsoft CEO Satya Nadella was the first tech executive to promise an increase in spending on cybersecurity over the next 5 years.

While speaking at the White House Cybersecurity Summit, Mr. Nadella assured that his company will do everything to save the national infrastructure from state funded cyber attack such as the one witnessed in Solarwinds hack, Colonial Pipeline Ransomware Attack, Kaseya Ransomware Attack 2021 and JBS Meat Attack.

Ad
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security