Saturday, October 24, 04:14
Home security Microsoft Azure: New bugs are a weapon in the hands of hackers

Microsoft Azure: New bugs are a weapon in the hands of hackers

Checkpoint for microsoft azure errorsResearchers cyber security of Check Point revealed details of two potentially dangerous bugs in the services Azure, which could enable hackers to target and exploit many businesses running web and mobile applications on Azure. The Azure App allows users to create website and mobile applications for any platform or device and integrate them easily with solutions SaaS, in-house applications to automate business procedures.

According to a report by researchers at The Hacker News, the first mistake security (CVE-2019-1234) is one spoofing issue that affected Azure Stack (a solution software hybrid cloud computing by Microsoft).

This error would allow a hacker to remotely unauthorize access in screenshots and sensitive information any virtual machine running Azure. According to researchers, the hacker can exploit this error through Microsoft Azure Stack Portal, an interface where users can access the in cloud created using Azure azure errors

By utilizing an insured API, researchers have found a way to gain access to the name and ID card of the virtual machine, in the hardware information (kernels, full memory) of the target machines and then use it with another HTTP request without authentication to steal screenshots.

As for the second error (CVE-2019-1372), this is related to the distance code execution which affected the Azure App service on Azure Stack, which would enable a hacker to gain full access control of the entire Azure server and consequently take control of one's business code company.

A hacker can exploit both of these errors by creating one for free account in Azure Cloud and Run malicious functions on it or sending HTTP requests without authentication to an Azure Stack user portal.

Check Point researcher Ronen Shustin, who discovered the bugs, reported them to Microsoft, preventing hackers from causing serious harm. damage and a state of chaos. After correcting both errors, the company awarded Shustin $ 40.000 program Azure bug bounty.


Please enter your comment!
Please enter your name here

Nat BotPak
Nat BotPak
LIFE IS TOO SHORT to remove usb safely


How to use Portrait Light on a Pixel phone

Lighting is undoubtedly the most important component for taking a good photo. If you have a Pixel phone, you can fix ...

DFAT: We apologize for the inconvenience to Australians

The contact details of at least 15 Australian citizens were included in the "Cc" field of an email. The Australian Minister of Foreign Affairs and Trade (DFAT), Marise ...

How to share your Apple Watch Face with others

One of the best things about owning an Apple Watch is the ability to customize your watch face in different colors ...

New York: Chenango County was attacked by ransomware

Chenango County officials had to find other solutions as none of its computers could be accessed ...

Watch the first videos of using Tesla's Full Self-Driving Beta

We see for the first time what it is and what the Full Self-Driving Beta software update of Tesla does, as some users who ...

The pharmaceutical company Shionogi & Co fell victim to data breach

The pharmaceutical company Shionogi & Co. based in Japan, announced on Thursday that its subsidiary in Taiwan, was hit by an online ...

A student goes to his closed school for WiFi because he does not have internet at home

A 9-year-old student who attends an elementary school in Roswell, New Mexico, goes to his closed elementary school to ...

Technology conferences / events 2021: When will they take place, where and in what form?

In recent months, our lives have changed a lot due to the coronavirus pandemic. Globally, thousands of cases are reported every day. A...

EU: Sanctions on Russian officers for hacking the German Parliament in 2015

The EU Council announced yesterday that sanctions were imposed on officers of the Russian military intelligence service belonging to the 85th main center ...

The biggest data breaches ever committed in the US

The COVID-19 pandemic has greatly changed the daily lives of people worldwide. But as more and more employees work from ...