#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

Cosmos DB | Breaking Cybersecurity News | The Hacker News

Category — Cosmos DB
Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB

Researchers Disclose Details of Critical 'CosMiss' RCE Flaw Affecting Azure Cosmos DB

Nov 01, 2022
Microsoft on Tuesday said it addressed an authentication bypass vulnerability in  Jupyter Notebooks  for Azure Cosmos DB that enabled full read and write access. The tech giant said the problem was introduced on August 12, 2022, and rectified worldwide on October 6, 2022, two days after responsible disclosure from Orca Security, which dubbed the flaw  CosMiss . "In short, if an attacker had knowledge of a Notebook's 'forwardingId,' which is the UUID of the Notebook Workspace, they would have had full permissions on the Notebook without having to authenticate, including read and write access, and the ability to modify the file system of the container running the notebook," researchers Lidor Ben Shitrit and Roee Sagi said. This container modification could ultimately pave the way for obtaining remote code execution in the Notebook container by overwriting a Python file associated with the  Cosmos DB Explorer  to spawn a reverse shell. Successful exploitatio...
Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

Critical Cosmos Database Flaw Affected Thousands of Microsoft Azure Customers

Aug 27, 2021
Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers' database instances without any authorization. The flaw, which grants read, write, and delete privileges, has been dubbed " ChaosDB ," with Wiz researchers noting that "the vulnerability has a trivial exploit that doesn't require any previous access to the target environment, and impacts thousands of organizations, including numerous Fortune 500 companies." Cosmos DB is Microsoft's proprietary  NoSQL database  that's advertised as "a fully managed service" that "takes database administration off your hands with automatic management, updates and patching." The Wiz Research Team reported the issue to Microsoft on August 12, after which the Windows maker took steps to mitigate the issue within 48 hours of r...
Product Walkthrough: How Satori Secures Sensitive Data From Production to AI

Product Walkthrough: How Satori Secures Sensitive Data From Production to AI

Jan 20, 2025Data Security / Data Monitoring
Every week seems to bring news of another data breach, and it's no surprise why: securing sensitive data has become harder than ever. And it's not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting stricter and more elaborate.  The problem is that while the data landscape has evolved rapidly, the usual strategies for securing that data are stuck in the past. Gone are the days when data lived in predictable places, with access controlled by a chosen few. Today, practically every department in the business needs to use customer data, and AI adoption means huge datasets, and a constant flux of permissions, use cases, and tools. Security teams are struggling to implement effective strategies for securing sensitive data, and a new crop of tools, called data security platforms, have appear...
Expert Insights / Articles Videos
Cybersecurity Resources