1 Sep, 2021 - Microsoft warns thousands of cloud customers of exposed databases

Cloud Security News this week - 1 Sep, 2021 Last Thursday, on the 26th of August 2021 - Microsoft warned thousands of its cloud computing customers, including some of the world's largest companies. that hackers could have the ability to read, change or even delete their main databases. This is due to a vulnerability in the Jupyter Notebook Feature in Microsoft Azure's flagship Cosmos  database. Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. AWS has announced the release of AWS Backup Audit Manager a new feature that allows you to audit and report on the compliance of your data protection policies. AWS claims that it provides built-in compliance controls and allows you to customize those controls to define your data protection policies.  Google Cloud has recently released on demand vulnerability scanning. Google claims that this will allow checking for vulnerabilities earlier in development. This new feature checks for vulnerabilities both in locally stored container images and images stored within GCP registries. A $2000 bug bounty has been claimed by researcher Robert Heaton, who was able to find a  vulnerability in Bumble, a dating app which has more than 100 million users worldwide. By learning how Bumble's application programming interface (API) works the researchers found a way to pinpoint users' exact location, bypassing the safeguards in the app designed to prevent this. Lacework, a data driven security platform has released their quarterly cloud threat report. The report stated that Last year alone, cybercrime and ransomware attacks cost companies $4 billion in damages. They identified a rising demand for access to cloud accounts along with  continued increases in scanning and probing of storage buckets, databases, orchestration systems, and interactive logins.  Follow us on @CloudSecPod You may also like Cloud Security Podcast