Breaking – Microsoft Warns Thousands of its Business and Government Azure Cloud Customers Their Databases Are Exposed to Hackers

Microsoft warned today thousands of its cloud computing customers which include some of the world’s largest companies and some governments that intruders could have the ability to read, change or even delete their main databases.

The vulnerability, dubbed ChaosDB, is in Microsoft Azure’s flagship Cosmos database. A third party research team discovered earlier this month that it was able to access keys that control access to databases held by thousands of companies and governments.

Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay the third party team of researchers $40,000 for finding the flaw and reporting it.

Although Microsoft’s email to customers said it has fixed the vulnerability and that there was no evidence the flaw had been exploited does not mean the flaw has not been exploited and the ramifications of this could be very serious.

A senior MLi Group Cyber-Survivability & Security expert said, “Hackers who target their victims and who are Geo-Poli-Cyber motivated by ideology,  extremism, or other sinister agendas could have learnt a lot in the short time the vulnerability was present.”

The MLi expert later added, This info could enable them to identify other  vulnerabilities or means to perpetrate future cyber attacks that can go undetected for months.”

“This is the worst cloud vulnerability you can imagine. It is a long-lasting secret,” said a senior member of the third party group who discovered the vulnerability. He added, “This is the central database of Azure, and we were able to get access to any customer database that we wanted.”

The disclosure comes after months of bad security news for Microsoft. The company was breached by the same hackers that infiltrated SolarWinds, who stole Microsoft source code.

What Are
& Risks?

What Are Geo-Poli-Cyber™ (GPCyber™) Warfare, Risks & Threats?

Geo-Poli-Cyber™ warfare has spread worldwide in recent years and is impacting everyone without exception through cyber attacks that are political, ideological, terrorist, extremist, ‘religious’ and/or geo-politically motivated. They are perpetrated by political and extremist groups, national security agencies and/or their proxies, and lone wolves.

Cyber security strategies and solutions that are followed like gospel have failed and will continue to fail to mitigate, defend and protect national sovereignty and corporate security from Geo-Poli-Cyber™ attacks on unprecedented scales and with devastating political, social, and financial consequences.
More Sinister and Destructive Than Financial Motivations

Geo-Poli-Cyber™ attacks are significantly different from financially motivated cyber-attacks in damage, scale, magnitude and require different and upscaled risk mitigation strategies and solutions.

Why Do Existing Strategies & Solution keep failing?

MLi Group chairman Khaled Fattal created the terms Poli-Cyber™ and Geo-Poli-Cyber™ (GPCyber™) back in 2012 because of seismic game-changing events he had observed years before. Fattal believed that these events and trends will cause …

Click to read more

Survivability News Latest