Microsoft tells customers to change digital access keys

NEW DELHI :

Last week, tech giant Microsoft asked many of its customers to update the access keys to their databases held in the company’s Azure cloud service. Security researchers from a company called Wiz had informed the technology giant that a loophole in their systems allowed hackers to access the keys that would control access to companies’ databases held in Microsoft’s Cosmos DB database.

In an updated blog post, the security firm also detailed ways for Microsoft’s customers to find out whether their internal systems may be affected.

Loading...

“There are two main remediation steps to perform. The first is to replace the CosmosDB primary keys and the second step is to reduce network exposure of CosmosDB accounts as much as possible,” the researchers said in the updated blog post. “For the key regeneration, the security teams should ask all DB owners to replace their primary keys as explained below and they can use the powershell script attached below for monitoring of the key upgrade process.

In an earlier post on 26 August, the researchers had said that the vulnerability in Microsoft’s systems could allow hackers “unrestricted access” to accounts and databases of “several thousand Microsoft Azure customers, including many Fortune 500 companies. Reuters reported that Microsoft had paid the company $40,000 for responsibly reporting the leak to the company.

“Microsoft’s Security Team deserves enormous credit for taking immediate action to address the problem. We rarely see security teams move so fast! They disabled the vulnerable notebook feature within 48 hours after we reported it. It’s still turned off for all customers pending a security redesign,” the blog post from Wiz said.

Loading...

Subscribe to Mint Newsletters

* Enter a valid email

Loading...

* Thank you for subscribing to our newsletter.

Never miss a story! Stay connected and informed with Mint.
Download
our App Now!!

Loading...

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

Loading...

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! TechiLive.in is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.

Loading...