PaymentsJournal
No Result
View All Result
SIGN UP
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
PaymentsJournal
  • Commercial
  • Credit
  • Debit
  • Digital Assets & Crypto
  • Digital Banking
  • Emerging Payments
  • Fraud & Security
  • Merchant
  • Prepaid
No Result
View All Result
PaymentsJournal
No Result
View All Result

Are Your Neighbors Sneaking Into Your Database on Azure?

By Tim Sloane
June 2, 2022
in Analysts Coverage, Fraud & Security, Security
0
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Are Your Neighbors Sneaking Into Your Database on Azure?

Are Your Neighbors Sneaking Into Your Database on Azure?

In 2021, a security company found it could access all the data held by other companies that used the Microsoft Cosmos DB service. This cross-tenant hack enables one tenant on the shared Azure service to access resources used by other tenants, sort of like drilling a hole in your wall to spy on your neighbors. But once discovered, it got worse:

“But the stunning finding made researchers at Wiz and several other vendors curious to find out how prevalent this new class of cross-tenant vulnerability actually is. That led to the discovery of another scary bug in an Azure service a month later. Then another. Then three more — for a total of six critical Azure vulnerabilities in as many months.

Including ChaosDB, five of the critical vulnerabilities demonstrated the possibility of breaching large numbers of different cloud environments, or tenants, in one fell swoop. A cross-tenant flaw like ChaosDB is “the most severe vulnerability that could be found in a cloud service provider,” said Shir Tamari, head of Research at Wiz.

The Wiz research team was not out looking for this type of vulnerability, and only found ChaosDB by accident, Tamari said. The finding was a revelation to researchers that this type of issue is even possible in the public cloud, he said.

Security researchers would go on to discover a pair of critical vulnerabilities in AWS too. But the lion’s share of the most severe vulnerabilities over the past year have been found in Azure, researchers say. To some security researchers and industry analysts, this series of issues raises questions about Microsoft’s approach to securing its Azure services.”

Perhaps building a cloud service platform out of servers designed for single companies made the security issues harder for Microsoft to wrangle versus the multiple server structure preferred by AWS? 

Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group

0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on LinkedIn
Tags: AmazonAWSCloudData BreachMicrosoftMicrosoft AzureSecurity

    Get the Latest News and Insights Delivered Daily

    Subscribe to the PaymentsJournal Newsletter for exclusive insight and data from Javelin Strategy & Research analysts and industry professionals.

    Must Reads

    amazon return fraud

    Amazon Takes on Returns Fraud

    July 25, 2025
    biometric merchant

    Biometric Payments Pilots Are Picking Up, But U.S. Adoption Is Years Away

    July 24, 2025
    ai credit card

    Smart Cards: How AI Is Changing the Credit Industry

    July 23, 2025
    accounts payable

    A Fragmented Accounts Payable Process Is a Liability in More Ways Than One

    July 22, 2025
    PayDay Lending: Out on the Fringes and Still an Ugly Business, payday lenders, Payday lending rule, national debt, changing relationship with money

    Legislation Requiring Cash Acceptance Faces an Uphill Battle

    July 21, 2025
    supply chain payments

    The Payment Process: The Supply Chain’s Most Overlooked Cyber Risk

    July 17, 2025
    Navigating Global Fintech Regulations Through Strategic Regulatory Arbitrage

    Navigating Global Fintech Regulations Through Strategic Regulatory Arbitrage

    July 16, 2025
    AI Is Turning Accounts Receivable Into a Strategic Powerhouse

    AI Is Turning Accounts Receivable Into a Strategic Powerhouse

    July 15, 2025

    Linkedin-in X-twitter
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Commercial
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Digital Banking
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter
    • About Us
    • Advertise With Us
    • Sign Up for Our Newsletter

    ©2024 PaymentsJournal.com |  Terms of Use | Privacy Policy

    • Commercial Payments
    • Credit
    • Debit
    • Digital Assets & Crypto
    • Emerging Payments
    • Fraud & Security
    • Merchant
    • Prepaid
    No Result
    View All Result