Microsoft fixes ‘AutoWarp’ Azure bug that exposed customer data
By MYBRANDBOOK
Microsoft has addressed a vulnerability in the Azure Automation service, dubbed as ‘AutoWarp’, that could have allowed attackers to take complete control over other Azure customers' data. The vulnerability allows an attacker to steal other Azure customers' Managed Identities authentication tokens from an internal server that manages the sandboxes of other users.
Microsoft fixed the security flaw by blocking access to auth tokens to all sandboxes except the one that had legitimate access. The company notified all affected Azure Automation service customers and recommended following the security best practices.
Azure Automation accounts impacted by this vulnerability include those with the Managed Identity feature enabled. The company publicly disclosed the vulnerability, saying that it found no evidence that Managed Identities tokens were misused, or AutoWarp exploited in attacks.
Orca Security's Cloud Security Researcher, who discovered the bug, said, “Someone with malicious intentions could've continuously grabbed tokens, and with each token, widen the attack to more Azure customers. This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer. We discovered large companies at risk (including a global telecommunications company, two car manufacturers, a banking conglomerate, big four accounting firms, and more).
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : Puneet Chandok
Puneet Chandok is President, Microsoft India & South Asia and is respo...
Icons Of India : NIKHIL RATHI
Co-founder & CEO of Web Werks, a global leader in Data Centers and Clo...
Icons Of India : Arjun Malhotra
Arjun Malhotra, the Chairman of Magic Software Inc., is widely recogni...
C-DOT - Center of Development of Telematics
India’s premier research and development center focused on telecommu...
LIC - Life Insurance Corporation of India
LIC is the largest state-owned life insurance company in India...
BEL - Bharat Electronics Limited
BEL is an Indian Government-owned aerospace and defence electronics co...
Indian Tech Talent Excelling The Tech World - AJAY BANGA, President - World Bank
Ajay Banga is an Indian-born American business executive who currently...
Indian Tech Talent Excelling The Tech World - RAVI KUMAR S, CEO- Cognizant
Ravi Kumar S, appointed as CEO of Cognizant in January 2023, sets the ...
Indian Tech Talent Excelling The Tech World - George Kurian, CEO, Netapp
George Kurian, the CEO of global data storage and management services ...