Check Point reported Microsoft about the two security vulnerabilities found in their research last year.
Hackers could have abused flaw in Azure Stack to take screenshots and lift sensitive information of Azure tenants and infrastructure machines such as banking or credit card information.
The North Patchwork for both security flaws in Azure were issued to the public by the end of 2019.
Cybersecurity firm Check Point on Thursday revealed that it identified last year which have now been fixed.
Check Point Research said it had informed Microsoft Security Response Centre about the vulnerabilities found in their research last year, even as Microsoft CEO Satya Nadella has put emphasis on keeping Azure Cloud secure with integrated end-to-end identity, security, and compliance solution.
The Israel-based cybersecurity firm said it worked closely with Microsoft to solve these issues, which could have led to a user on the Azure network could have potentially taken control over the entire server, opening a path to business code theft and manipulation and made the cloud more secure.
What would have been a threat?
Check Point said that it disclosed the first security flaw on January 19 last year while the second security flaw was disclosed on June 27. The first security fault was discovered in Azure Stack, while the second was discovered in Azure App Service.
We are the only company that offers integrated end-to-end identity, security and compliance solutions to protect people and organizations, spanning identity management, devices, cloud apps, data and infrastructure. Azure Stack Edge brings rapid Machine Learning inferencing closer to where data is generated and the new ruggedized Azure Stack form factors provide cloud capabilities in even the harshest of conditions like disaster response.
- Satya Nadella, CEO, Microsoft
The researchers said to take screenshots and lift sensitive information of Azure tenants and infrastructure machines such as banking or credit card information. While the Azure App flaw would have empowered to take control over server and business code.
The researchers proved that a hacker could compromise tenant applications, data, and accounts by creating a free user in Azure Cloud and running malicious Azure functions. The disclosure came as Nadella, during an earnings call on Wednesday, said that now to security, will cost businesses, governments and individuals $1 trillion this year.
Full patches for both security flaws in Azure were issued to the public by the end of 2019.
What Microsoft has said?
In its explanation, Microsoft has said that to the public by the end of 2019, while ensuring that Azure users are now protected with the update.
When operating in the cloud, enterprises often behave with the wild abandon as if their services are hosted in their basement behind the safety of their trusted gateway. It’s easy to forget that while you might be sitting within your enterprise in the office, your device – using your corporate internet connection – is actually communicating with a service that is hosted outside of the organization. The potential costs to businesses are dramatic – phishing schemes and data leaks have cost global brands both in dollar value and reputational value.
- Satya Nadella, CEO, Microsoft
He went on to say that Azure is the only that offers consistency across operating models, development environments, and infrastructure stack, enabling customers to bring cloud compute and intelligence to any connected or disconnected environment.
According to Microsoft, Azure App Service enables you to build and host web apps, mobile back ends, and RESTful APIs in the programming language of your choice, without managing infrastructure. It offers auto-scaling and high availability, supports both Windows and Linux, and enables automated deployments from GitHub, Azure DevOps, or any Git repo.
Asserting the users, Nadella said, "Our differentiated approach across the cloud and edge is winning customers. The US Department of Defense chose Azure to support our men and women in uniform at home, abroad, and at their tactical edge."
There will be 175 zettabytes of data by 2025, up from 40 zettabytes today.
"Processing this data in real-time will be an operational imperative for every organization. Azure Synapse is our limitless analytics service. It brings together big data analytics and data warehousing with unmatched performance, scale and security," the Microsoft CEO said
In another news...
Check Point released its Brand Phishing Report for Q4 2019 today, which highlights the brands which were most frequently imitated by criminals in their attempts to steal individuals’ personal information or payment credentials during Q4.
According to the Brand Phishing report, Facebook is the most imitated brand for phishing attempts.