ANL 15.40 Decreased By ▼ -0.48 (-3.02%)
ASC 13.26 Decreased By ▼ -0.24 (-1.78%)
ASL 17.65 Decreased By ▼ -0.65 (-3.55%)
BOP 8.75 Decreased By ▼ -0.13 (-1.46%)
BYCO 7.24 Decreased By ▼ -0.11 (-1.5%)
FCCL 18.42 Increased By ▲ 0.33 (1.82%)
FFBL 23.20 Increased By ▲ 0.10 (0.43%)
FFL 15.10 Decreased By ▼ -0.20 (-1.31%)
FNEL 7.08 Decreased By ▼ -0.03 (-0.42%)
GGGL 16.75 Decreased By ▼ -0.11 (-0.65%)
GGL 27.95 Decreased By ▼ -0.20 (-0.71%)
HUMNL 6.67 Increased By ▲ 0.03 (0.45%)
JSCL 19.20 Decreased By ▼ -0.40 (-2.04%)
KAPCO 26.60 Decreased By ▼ -0.40 (-1.48%)
KEL 3.42 Decreased By ▼ -0.01 (-0.29%)
MDTL 2.10 Decreased By ▼ -0.08 (-3.67%)
MLCF 35.60 Increased By ▲ 0.59 (1.69%)
NETSOL 101.00 Decreased By ▼ -2.75 (-2.65%)
PACE 4.12 Decreased By ▼ -0.06 (-1.44%)
PAEL 26.25 Decreased By ▼ -0.90 (-3.31%)
PIBTL 8.12 Decreased By ▼ -0.08 (-0.98%)
POWER 7.25 Increased By ▲ 0.32 (4.62%)
PRL 16.20 Decreased By ▼ -0.24 (-1.46%)
PTC 9.20 Increased By ▲ 0.12 (1.32%)
SILK 1.47 Decreased By ▼ -0.03 (-2%)
SNGP 39.97 Decreased By ▼ -0.78 (-1.91%)
TELE 16.69 Decreased By ▼ -0.45 (-2.63%)
TRG 126.45 Decreased By ▼ -3.91 (-3%)
UNITY 29.20 Decreased By ▼ -0.70 (-2.34%)
WTL 2.37 Decreased By ▼ -0.06 (-2.47%)
BR100 4,739 Decreased By ▼ -24.71 (-0.52%)
BR30 20,391 Decreased By ▼ -279.81 (-1.35%)
KSE100 45,587 Decreased By ▼ -234.17 (-0.51%)
KSE30 17,879 Decreased By ▼ -126.78 (-0.7%)

Coronavirus
LOW Source: covid.gov.pk
Pakistan Deaths
28,344
1624hr
Pakistan Cases
1,267,393
56724hr
1.45% positivity
Sindh
466,945
Punjab
438,636
Balochistan
33,159
Islamabad
106,615
KPK
177,240

SAN FRANCISCO: Microsoft on Thursday warned thousands of its cloud computing customers, including some of the world’s largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher.

The vulnerability is in Microsoft Azure’s flagship Cosmos DB database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft’s Cloud Security Group.

Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz.

“We fixed this issue immediately to keep our customers safe and protected. We thank the security researchers for working under coordinated vulnerability disclosure,” Microsoft told Reuters.

Microsoft’s email to customers said there was no evidence the flaw had been exploited. “We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key,” the email said.

“This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” Luttwak told Reuters. “This is the central database of Azure, and we were able to get access to any customer database that we wanted.”

Luttwak’s team found the problem, dubbed ChaosDB, on Aug. 9 and notified Microsoft Aug. 12, Luttwak said.

Comments

Comments are closed.