Microsoft fixes ‘AutoWarp’ Azure bug that exposed customer data
By MYBRANDBOOK
Microsoft has addressed a vulnerability in the Azure Automation service, dubbed as ‘AutoWarp’, that could have allowed attackers to take complete control over other Azure customers' data. The vulnerability allows an attacker to steal other Azure customers' Managed Identities authentication tokens from an internal server that manages the sandboxes of other users.
Microsoft fixed the security flaw by blocking access to auth tokens to all sandboxes except the one that had legitimate access. The company notified all affected Azure Automation service customers and recommended following the security best practices.
Azure Automation accounts impacted by this vulnerability include those with the Managed Identity feature enabled. The company publicly disclosed the vulnerability, saying that it found no evidence that Managed Identities tokens were misused, or AutoWarp exploited in attacks.
Orca Security's Cloud Security Researcher, who discovered the bug, said, “Someone with malicious intentions could've continuously grabbed tokens, and with each token, widen the attack to more Azure customers. This attack could mean full control over resources and data belonging to the targeted account, depending on the permissions assigned by the customer. We discovered large companies at risk (including a global telecommunications company, two car manufacturers, a banking conglomerate, big four accounting firms, and more).
Microsoft to build a new data centre to support Thailand's tec
Microsoft has revealed intentions to construct a regional data centre as w...
SAP launches cloud services to help Indian scaleups innovate m
SAP at SAP unveils now "GROW with SAP for Scaleups," a new cloud service d...
Denodo and Sonata form alliance to unlock data-to-value creati
Denodo and Sonata Information Technology India Limited (SITL) have annou...
Google Play Store will now let users download two apps simulta
Google Play Store now lets users download two apps simultaneously. While a...
LAVA INTERNATIONAL LTD.
TEJAS NETWORKS INDIA PVT. LTD.
VVDN TECHNOLOGIES
SECUREYE SERVICES PVT. LTD.
Technology Icons Of India 2023: Rajeev Chandrasekhar
Rajeev Chandrasekhar is the Union Minister of State for Electronics an...
Technology Icons Of India 2023: Dr. P D Vaghela
Dr PD Vaghela serves as the Chairperson of Telecommunications Regulato...
Technology Icons Of India 2023: Dr. Sanjay Bahl
Sanjay Bahl is currently with the Indian Computer Emergency Response T...
INDIANOIL helps reach precious petroleum fuels to every nook and corner of the country
IndianOil, a diversified, integrated energy major with presence in alm...
PGCIL transforming India with its wide power transmission network
Engaged in power transmission, POWERGRID or PGCIL is a stated owned In...
DRDO is India's largest and most diverse research organisation
DRDO is the R&D wing of Ministry of Defence, Govt of India, with a vis...
FORTUNE MARKETING PVT. LTD.
Delhi based Fortune Marketing, An ISO 9001:2008 company, distributes ...
SATCOM INFOTECH PVT. LTD.
Satcom Infotech Pvt. Ltd is a distribution houses in security in India...
TECH DATA, A TD SYNNEX COMPANY
Tech Data Corporation was an American multinational distribution compa...