Microsoft Gives Guidance To Secure Azure Cosmos DB Accounts


Microsoft has released recommendations for Azure accounts after the discovery of a critical vulnerability in Cosmos DB.

The vulnerability, known as ChaosDB, affects Microsoft Azure Cosmos DB, a globally distributed NoSQL database service used by a number of prominent clients including Exxon-Mobil, Mercedes-Benz, and Coca-Cola.

Cloud security firm Wiz uncovered the bug in the Jupyter Notebook feature. Threat actors able to exploit the vulnerability can steal Cosmos DB customers' primary read-write keys, allowing them to remotely take over databases.

After the bug was discovered, Microsoft says, it sent warnings about a potential vulnerability to over 30% of Cosmos DB customers on August 26.

According to Wiz, the actual number of affected customers could be much higher than 30%: most Cosmos DB customers would be affected, because ChaosDB was present and may have been exploited months before the discovery.

To further secure Azure Cosmos DB accounts, Microsoft has the following recommendations:

- All Azure Cosmos DB customers use a combination of firewall rules, vNet and/or Azure Private Link on their account. These network protection mechanisms prevent access from outside your network and unexpected locations.
- In addition to implementing network security controls, we encourage the use of Role Based Access Control. Role Based Access Control allows per user and security principal access control to Azure Cosmos DB – those identities can be audited in Azure Cosmos DB’s diagnostic logs.
- If you cannot use Role Based Access Control, we recommend implementing regularly scheduled key rotations.
- You can find additional security best practices in the Azure Cosmos DB security baseline documentation.
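
One way to check an account against these recommendations, as an added example that is not from Microsoft, Wiz or the original story. It assumes the account's properties have been exported as JSON using the field names of the Azure Resource Manager databaseAccounts resource (`publicNetworkAccess`, `ipRules`, `isVirtualNetworkFilterEnabled`, `virtualNetworkRules`, `disableLocalAuth`, `keysMetadata`); the sample account, the `audit_account` helper and the 90-day key-age limit are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample account; field names assume the ARM databaseAccounts
# resource properties. All values are invented for illustration.
SAMPLE_ACCOUNT = json.loads("""
{
  "name": "example-account",
  "publicNetworkAccess": "Enabled",
  "ipRules": [],
  "isVirtualNetworkFilterEnabled": false,
  "virtualNetworkRules": [],
  "disableLocalAuth": false,
  "keysMetadata": {
    "primaryMasterKey": {"generationTime": "2021-01-10T00:00:00Z"},
    "secondaryMasterKey": {"generationTime": "2021-08-27T00:00:00Z"}
  }
}
""")

MAX_KEY_AGE_DAYS = 90  # assumed rotation policy, not a figure from the article


def audit_account(acct, now, max_key_age_days=MAX_KEY_AGE_DAYS):
    """Return findings for the network, RBAC and key-rotation recommendations."""
    findings = []
    restricted = (
        acct.get("publicNetworkAccess") == "Disabled"  # private endpoints only
        or acct.get("ipRules")                          # IP firewall allow-list
        or (acct.get("isVirtualNetworkFilterEnabled") and acct.get("virtualNetworkRules"))
    )
    if not restricted:
        findings.append("network: no firewall rule, vNet rule or private-only access")
    if acct.get("disableLocalAuth"):
        return findings  # keys are rejected, so only RBAC identities can connect
    findings.append("auth: account keys are still accepted, so key rotation applies")
    for name, meta in sorted(acct.get("keysMetadata", {}).items()):
        generated = datetime.fromisoformat(meta["generationTime"].replace("Z", "+00:00"))
        age = (now - generated).days
        if age > max_key_age_days:
            findings.append(f"keys: {name} is {age} days old (limit {max_key_age_days})")
    return findings


if __name__ == "__main__":
    for finding in audit_account(SAMPLE_ACCOUNT, datetime.now(timezone.utc)):
        print(finding)
```

An account that disables key-based authentication is not checked for key age, since its keys can no longer be used to connect.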

For more information, view the original story from Bleeping Computer.
