AZURE

by

Microsoft leaks 38TB of private data via unsecured Azure storage

According to the Article “Microsoft leaks 38TB of private data via unsecured Azure storage

The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.

Almost three years later, this was discovered by cloud security firm Wiz whose security researchers found that a Microsoft employee inadvertently shared the URL for a misconfigured Azure Blob storage bucket containing the leaked information.

Microsoft linked the data exposure to using an excessively permissive Shared Access Signature (SAS) token, which allowed full control over the shared files. This Azure feature enables data sharing in a manner described by Wiz researchers as challenging to monitor and revoke.

Microsoft leaks 28TB of private data via unsecure Azure storage

by

Azure looks like a house of cards collapsing under the weight of exploits and vulnerabilities

Taken from Microsoft comes under blistering criticism for “grossly irresponsible” security – ars Technica

Microsoft has once again come under blistering criticism for the security practices of Azure and its other cloud offerings, with the CEO of security firm Tenable saying Microsoft is “grossly irresponsible” and mired in a “culture of toxic obfuscation.”

The comments from Amit Yoran, chairman and CEO of Tenable, come six days after Sen. Ron Wyden (D-Ore.) blasted Microsoft for what he said were “negligent cybersecurity practices” that enabled hackers backed by the Chinese government to steal hundreds of thousands of emails from cloud customers………. 

Microsoft comes under blistering criticism for “grossly irresponsible” security
by

CPF, EZ-Link services, multiple websites down after power outage at Microsoft Azure

Taken from CPF, EZ-Link services, multiple websites down after power outage at Microsoft Azure

SINGAPORE – Multiple organisations including the Central Provident Fund (CPF) Board, EZ-Link, the Esplanade and Nanyang Technological University (NTU) saw disruptions to their Web services on Wednesday as a result of the outage of the Microsoft Azure cloud service.

Microsoft Azure said on its website that a utility power surge in the South-east Asia region at 3.19am on Wednesday had tripped a subset of the cooling units in a data centre and brought them offline.

Azure said it “proactively powered down a small subset of selected compute and storage scale units” to minimise the damage to hardware, but was unable to say when services would be restored, as an extended period would be needed to restore cooling capacity.

CPF, EZ-Link services, multiple websites down after power outage at Microsoft Azure