CALL TODAY! +1 212 222 7061
  • Home
  • Contact Us
  • Blog
  • 24×7 Cyber 911 Response
Report incident
  • IR & Forensics
    • Digital Forensics Services
    • Cyber Incident Response Retainer
    • Cyber Incident Response
    • Data Breach Response
    • Digital Forensics
    • Ransomware Response
    • Bitcoin Payments
  • Proactive Security
    • Proactive Cyber Defense Services
    • Managed Threat Hunting & Response
    • Remote Cybersecurity Suite
    • The Daily T.R.U.T.H.
    • Remote Worker Cyber Resilience
    • Post Ransomware Threat Hunting Services
    • Cyber Threat Hunting
    • Penetration Testing
    • Secure Code Review
    • Phishing Attack Simulation
    • Managed Detection and Response
    • Ransomware Protection Package
    • Business Email Compromise
  • Advisory
    • Cybersecurity Advisory Services
    • CISO as a Service
    • Gap Assessment
    • Cyber Resilience & Response
    • Compliance Advisory
    • Cloud Security Advisory
    • Project Management as a Service (PMaaS)
    • Tabletop Exercises
    • Cyber Resiliency Training
  • SecurityScorecard
    • Request a Demo
    • Security Data
    • Security Ratings
    • Market Place
    • Security Assessments
  • Resources
    • Case Studies
    • Technical Tools
    • Technical Guides
    • White Papers
    • Cyber Interviews, Tips & FAQ
  • Company
    • About LIFARS
    • About SecurityScorecard
    • Notable Cases and Evidence Contribution
    • Meet the Team
    • Clients Advisory Board
    • LISIRT – Computer Security IR Team
    • Cyber Alliances
    • Insurance Panels
    • Cyber Events & Webinars
    • Cyber Press Room
    • Career in CyberSecurity
    • Cyber Security Training Videos
    • LIFARS SMS Alerts
    • Hackbits Podcast

Microsoft Issued a Warning to Its Azure Customers of a Flaw That Might Allow Hackers to Access Data

09/23/21
Microsoft-Issued-a-Warning-to-Its-Azure-Customers-of-a-Flaw-That-Might-Allow-Hackers-to-Access-Data

On September 8, 2021, Microsoft issued a warning to its Azure customers) cloud computing customers) of a vulnerability. In essence, this flaw could potentially allow hackers access to their data. Thankfully, Microsoft has claimed to have fixed the flaw. However, a technology giant notified its potentially vulnerable Azure customers to reset their login credentials as a precaution. Meanwhile, it also asserted that customers’ data remained untouched by unauthorized access, according to an internal investigation by Microsoft.

 

Do you want to determine your current state along with your risk appetite and tolerance? Avail of the Gap Assessment of LIFARS. We also give you an actionable roadmap to reach the target maturity level.

 

Microsoft Acknowledged the Palo Alto Networks

In a blog post, Microsoft also thanked Palo Alto Networks, who reported the given flaw in the first place in July. At the same time, it also assured its Azure customers that its security team successfully fixed the vulnerability. Microsoft also claimed to find no evidence that an unauthorized actor had accessed the data of its Azure customers.

Palo Alto Researcher Claims in an Interview with Reuters

Ariel Zelivansky, a researcher at Palo Alto, made some shocking claims in an interview with Reuters. He declared that its team turned out successful in breaking out of the Azure system. For the record, it is an extensively used system for containers that store programs for users.

Later, while explaining the details, he argued that the Azure containers employed un-updated code to patch a known vulnerability. Consequently, the Palo Alto team paved the way for assuming full-fledged control of clusters that incorporated containers from other users.

The Second Major Flaw in Two Weeks

The report is the second significant flaw in the Azure system that has become apparent in two weeks. In the later period of last month, Wiz security experts discovered a database flaw. It allowed it to get access to any customer database that it wanted.

In both instances, the acknowledgment of Microsoft focused on customers who might have fallen prey to researchers themselves. Surprisingly, the tech giant did not accept that the flawed code essentially put everyone at risk of getting compromised.

A long-serving container security expert, Ian Coldwater, believes that the problem reflects a fiasco to employ patches on time. It is perhaps intrinsic to the tech giant to blame its Azure customers instead of accepting responsibility. However, Microsoft can make updates themselves instead of relying on customers to implement fixes. For Ian, it is essential to keep code updated. It is because modern software prevents a lot of things that paved the way for the given attack.

Conclusion

It is another compelling example of how a security flaw can open the way for complete compromise in some instances. With hackers well-equipped to disarm the weak security measures, alongside well-funded rivals, including governments, it is time to take cybersecurity seriously.

 

 

References
  • Microsoft warning to Azure customers of flaw that potentially permitted hackers access to data
  • Microsoft blog post
  • Microsoft warns Azure customers of vulnerability that could have paved the way for data breaches
  • Microsoft warning to Azure customers about flaws that could have led to data breaches
  • Azure Customers received a warning of vulnerability that could have Permitted hackers to access data

Related Posts

Share this:

  • Tweet
  • Pocket
  • WhatsApp
  • Email
  • Telegram
  • Share on Tumblr

subscribe for cybersecurity newsletter

LIFARS Cyber Security Training

  • Digital Forensics
    • Computer Forensics Services
    • LISIRT – LIFARS Computer Security Incident Response Team
    • Cyber Incident Response Retainer
    • Cyber Incident Response
    • Data Breach Response
    • Digital Forensics
    • Ransomware Response
    • Bitcoin Payments
  • Cybersecurity
    • Proactive Cyber Security
    • Managed Cybersecurity Threat Hunting & Response Service
    • Post Ransomware Threat Hunting Services
    • The Daily TRUTH
    • Remote Worker Cyber Resilience
    • Penetration Testing
    • Secure Code Review
    • Cyber Threat Hunting
    • Phishing Attack Simulation
  • Security Advisory
    • Cybersecurity Advisory and Consulting Services
    • CISO as a Service
    • Gap Assessment
    • Cyber Resilience Subscription
    • Compliance Advisory
    • Cloud Security Advisory Services
    • Tabletop Exercises
    • Cyber Resiliency Training
  • Resources
    • Case Studies
    • Technical Tools
    • Technical Guides
    • White Papers
    • Cyber Interviews, Tips & FAQ
    • Cyber Events
    • Webinars
    • QuBit Conference
  • Company
    • About Us
    • LIFARS Leadership
    • Alliances
    • Clients Advisory Board
    • Join US!
    • Video Gallery
    • Blog
    • Newsletter
    • Press Room
  • Contact Us
    contact@lifars.com
    (212) 222-7061
    LIFARS, LLC
    244 Fifth Avenue
    Suite 2035
    New York, NY 10001

© 2023 LIFARS, a SecurityScorecard company

  • Privacy Policy
  • Cookie Policy