ChaosDB

Microsoft recently informed all its customers about a critical vulnerability in its Azure cloud platform. The security company Wiz reported the issue to Microsoft and has also published the information on its official blog.

After investigating the attack, the experts at the Wiz security firm said that the issue relates to the keys that were used to access the flagship Microsoft Azure Cosmos DB database service that was created two weeks ago by cybersecurity company Wiz.


ChaosDB 

The issue is related to the Jupyter Notebook feature built into Microsoft Azure Cosmos DB. Jupyter Notebook is an open-source web application that enables users to organize and share documents that include:

  • Live code
  • Equations
  • Visualizations
  • Narrative text

The Wiz researchers found that by requesting information about a target Cosmos DB Jupyter Notebook, an attacker can obtain credentials not just for the Jupyter Notebook but also for the Jupyter Notebook Storage account of another user.

Vulnerability Overview

Threat actors target the Jupyter Notebook because it is a feature of Cosmos DB through which a malicious actor can request information about the target Cosmos DB Jupyter Notebook.

By doing so, the threat actor gains a set of credentials associated with the target Cosmos DB account, the Jupyter Notebook compute, and the Jupyter Notebook Storage account, which also includes the Primary Key.

Once the threat actors gain all these credentials, they can easily view, modify, and delete data in the target Cosmos DB account through multiple channels.


Protect Against #ChaosDB Cyberattacks 

According to Microsoft's security analysts, this kind of attack can harm the victim and expose all of the credentials, so Microsoft has suggested some ways for customers to protect themselves against it.

  • Microsoft has recommended that customers renew their Cosmos DB primary keys “out of an abundance of caution.”
  • The computing giant has also remarked that Azure Cosmos DB accounts with a vNET or firewall enabled are protected by additional security mechanisms that prevent the risk of unauthorized access.
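As an added example (not code from Microsoft, Wiz, or this article), the Python sketch below orders Cosmos DB accounts for primary-key renewal, putting accounts without a firewall or vNET filter first. It assumes input in the shape of `az cosmosdb list -o json`; the sample accounts are constructed, and treating `publicNetworkAccess: Disabled` as restricted is an assumption that goes beyond the article.

```python
import json

# Constructed sample in the shape of `az cosmosdb list -o json`; all names are made up.
SAMPLE = json.loads("""
[
 {"name": "orders-prod", "resourceGroup": "rg-shop", "ipRules": [],
  "isVirtualNetworkFilterEnabled": false, "publicNetworkAccess": "Enabled"},
 {"name": "telemetry", "resourceGroup": "rg-ops",
  "ipRules": [{"ipAddressOrRange": "203.0.113.0/24"}],
  "isVirtualNetworkFilterEnabled": false, "publicNetworkAccess": "Enabled"},
 {"name": "billing", "resourceGroup": "rg-fin", "ipRules": [],
  "isVirtualNetworkFilterEnabled": true, "publicNetworkAccess": "Enabled"},
 {"name": "private-only", "resourceGroup": "rg-fin", "ipRules": [],
  "isVirtualNetworkFilterEnabled": false, "publicNetworkAccess": "Disabled"}
]
""")


def network_restricted(acct):
    """True if the account has a firewall (IP rules) or a vNET filter enabled."""
    if acct.get("ipRules"):
        return True
    if acct.get("isVirtualNetworkFilterEnabled"):
        return True
    # Assumption (not from the article): no public endpoint counts as restricted.
    return acct.get("publicNetworkAccess") == "Disabled"


def triage(accounts):
    """Split accounts into (exposed, restricted), preserving input order."""
    exposed, restricted = [], []
    for acct in accounts:
        (restricted if network_restricted(acct) else exposed).append(acct)
    return exposed, restricted


def rotation_commands(accounts):
    """Build one primary-key renewal command per account, exposed accounts first."""
    exposed, restricted = triage(accounts)
    # Move clients to the secondary key before running these, or they lose access.
    return [
        f"az cosmosdb keys regenerate --name {a['name']} "
        f"--resource-group {a['resourceGroup']} --key-kind primary"
        for a in exposed + restricted
    ]


if __name__ == "__main__":
    print("\n".join(rotation_commands(SAMPLE)))
```
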

The researchers are still working to find details and solutions that will help customers avoid such attacks. They also asserted that customers should stay alert to such attacks, as this type of case is quite unexpected.

Moreover, the most interesting thing is that Microsoft already offered $40,000 to the security firm Wiz as a reward for finding the security hole.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.