U-S-NEWS.COM - REAL NEWS for REAL PEOPLE
KING's of FAKE NEWS = CNN - CBS News - MSNBC News - ABC News - The New York Times - The Washington Post - Facebook - Twitter and more
They ALL SUCKS and simply DO NOT tell you the truth PERIOD
WARNING! If you usually get your news from one of these so-called "News Services" Welcome to you, but be prepared for big surprises!
eg. the earth IS round, but not like a pancake, more like a football - 2+2 is not 5 or 22 but 4 - There is not 57 different genders, only 2
Help your friends, family and the truth by sharing this page and articles. Amen and a-women
KNOWLEDGE is POWER / REAL NEWS is KEY
New York: Monday, September 20, 2021
© 2021 U-S-NEWS.COM
Online Readers: 70
(2 just watching the pictures)
FILE PHOTO: A Microsoft logo is pictured on a store in New York

SCIENCE & TECH:
Microsoft warns Azure customers of flaw that could have permitted hackers access to data


FILE PHOTO: A Microsoft logo is pictured on a store in the Manhattan borough of New York City, New York, U.S., January 25, 2021. REUTERS/Carlo Allegri/File Photo

September 9, 2021

By Joseph Menn

SAN FRANCISCO (Reuters) -Microsoft warned some of its Azure cloud computing customers that a flaw discovered by security researchers could have allowed hackers access to their data.

In a blog post from its security response team, Microsoft said it had fixed the flaw reported by Palo Alto Networks and it had no evidence malicious hackers had abused the technique.

It said it had notified some customers they should change their login credentials as a precaution.

The blog post https://msrc-blog.microsoft.com/2021/09/08/coordinated-disclosure-of-vulnerability-in-azure-container-instances-service followed questions from Reuters about the technique described by Palo Alto. Microsoft did not answer any of the questions, including whether it was confident no data had been accessed.

In an earlier interview, Palo Alto researcher Ariel Zelivansky told Reuters his team had been able to break out of Azure’s widely used system for so-called containers that store programs for users.

The Azure containers used code that had not been updated to patch a known vulnerability, he said.

As a result the Palo Alto team was able to eventually get full control of a cluster that included containers from other users.

“This is the first attack on a cloud provider to use container escape to control other accounts,” said longtime container security expert Ian Coldwater, who reviewed Palo Alto’s work at Reuters’ request.

Palo Alto reported the issue to Microsoft in July. Zelivansky said the effort had taken his team several months and he agreed that malicious hackers probably had not used a similar method in real attacks.

Still, the report is the second major flaw revealed in Microsoft’s core Azure system in as many weeks. In late August, security experts at Wiz described a database flaw that also would have allowed one customer to alter another’s data https://www.reuters.com/technology/researchers-cybersecurity-agency-urge-action-by-microsoft-cloud-database-users-2021-08-28.

In both cases, Microsoft’s acknowledgment focused on those customers who might have been somehow affected by the researchers themselves, rather than everyone put at risk by its own code.

“Out of an abundance of caution, notifications were sent to customers potentially affected by the researcher activities,” Microsoft wrote on Wednesday.

Coldwater said the problem reflected a failure to apply patches in a timely fashion, something Microsoft has often blamed its customers for.

“Keeping code updated is really important,” Coldwater said. “A lot of the things that made this attack possible would no longer be possible with modern software.”

Coldwater said that some security software used by cloud customers would have detected malicious attacks like the one envisioned by the security company, and that logs would also show signs of any such activity.

The research underscored the shared responsibility between cloud providers and customers for security.

Zelivansky said cloud architectures are generally safe, while Microsoft and other cloud providers can make fixes themselves, rather than rely on customers to apply updates.

But he noted that cloud attacks by well-funded adversaries, including national governments, are “a valid concern.”

(Reporting by Joseph Menn; Editing by Chris Reese and Richard Pullin)

Read Original – Click Here

(Visited 3 times, 1 visits today)
0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

©2021 U-S-NEWS.COM - REAL NEWS for REAL PEOPLE

DRAIN the SWAMP
BUT HOW? WELL IT'S EASY
FIND OUT HOW RIGHT HERE
HELP DRAIN the SWAMP - We have now seen how the left-wing cancel culture, with great help from our mainstream fake-news media hand in hand with Google, Youtube, Twitter, Amazon, Stripe and more, they are all trying to suppress conservative opinions. It's now the time for us to cancel or at least avoid using their so-called services. Yes but how to do that? Well it's actually very easy! There are Great alternatives for both Facebook, Twitter and Youtube, in fact even better! Find out more right here.
I'm down here in the swamp. Help me!
You now reached the bottom, exactly like
JOE BIDEN
Commander in Thief
PGlmcmFtZSB3aWR0aD0iNTAwIiBoZWlnaHQ9IjI4MSIgc3JjPSJodHRwczovL3d3dy55b3V0dWJlLmNvbS9lbWJlZC9RUDBSUmhDTzBUMCIgZnJhbWVib3JkZXI9IjAiIGFsbG93PSJhY2NlbGVyb21ldGVyOyBhdXRvcGxheTsgY2xpcGJvYXJkLXdyaXRlOyBlbmNyeXB0ZWQtbWVkaWE7IGd5cm9zY29wZTsgcGljdHVyZS1pbi1waWN0dXJlIiBhbGxvd2Z1bGxzY3JlZW4+PC9pZnJhbWU+

CONTACT US

We're not around right now. But you can send us an email and we'll get back to you, asap.

Sending

SCIENCE & TECH: Microsoft warns Azure customers of flaw that could have permitted hackers access to data

Log in with your credentials

Forgot your details?

Thanks!

Subscribe - Real News for Real People - Daily or Weekly Click Here


Send this to a friend