Monday, February 22, 07:56
Home security Microsoft Azure: New bugs are a weapon in the hands of hackers

Microsoft Azure: New bugs are a weapon in the hands of hackers

Checkpoint for microsoft azure errorsResearchers cyber security of Check Point revealed details of two potentially dangerous errors in services Azure, which could enable hackers to target and exploit many businesses running web and mobile applications on Azure. The Azure App allows users to create website and mobile applications for any platform or device and integrate them easily with solutions SaaS, in-house applications to automate business procedures.

According to a report by researchers at The Hacker News, the first mistake security (CVE-2019-1234) is one spoofing issue that affected Azure Stack (a solution software hybrid cloud computing by Microsoft).

This error would allow a hacker to remotely unauthorize access in screenshots and sensitive information any virtual machine running Azure. According to researchers, the hacker can exploit this error through Microsoft Azure Stack Portal, an interface where users can access the in cloud created using Azure Stack.microsoft azure errors

By utilizing an insured API, researchers have found a way to gain access to the name and ID card of the virtual machine, in the hardware information (kernels, full memory) of the target machines and then use it with another HTTP request without authentication to steal screenshots.

As for the second error (CVE-2019-1372), this is related to the distance code execution which affected the Azure App service on Azure Stack, which would enable a hacker to gain full access control of the entire Azure server and consequently take control of one's business code company.

A hacker can exploit both of these errors by creating one for free account in Azure Cloud and Run malicious functions on it or sending HTTP requests without authentication to an Azure Stack user portal.

Check Point researcher Ronen Shustin, who discovered the bugs, reported them to Microsoft, preventing hackers from causing serious harm. damage and a state of chaos. After correcting both errors, the company awarded Shustin $ 40.000 program Azure bug bounty.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Nat BotPak
Nat BotPak
LIFE IS TOO SHORT to remove usb safely

LIVE NEWS

How to make a Facetime Audio call

Tired of low quality cell phone calls? Thanks to FaceTime, you can make high-resolution calls if you use iPhone, iPad, ...

How to add special effects to Instagram messages

Did you know that you can make instant Instagram messages more impressive? Like any other Instagram feature, you can add special ...

Only 270 addresses are responsible for 55% of all money laundering

Cybercriminals who keep their money in cryptocurrencies tend to "launder" money through a small set of online services, according to ...

Twitter: Voice messages are coming! How do we send them?

Twitter will soon support voice messages in both iOS and Android applications. This means that you will be able to send ...

How to connect a Bluetooth headset to a Nintendo Switch

The Nintendo Switch has a headphone jack. However, most headphones have become wireless so you will need a way to connect them ...

How to hide your phone number in Telegram

If you wish to create a Telegram account, you must provide your telephone number. In this way, Telegram validates the ...

Google Assistant: How can you delete your recordings?

Google Assistant can make your daily life much easier. However, it also involves some privacy issues, as ...

Microsoft: Office 2021 / Office LTSC coming in the second half of 2021

Microsoft announced that the Microsoft Office Long Term Service Channel (LTSC) and Office 2021 will be released in 2021, for ...

How to quickly create QR codes with Bing

If you ever need to create a QR code, but you do not know how, Microsoft has an easy-to-use tool available in any program ...

Brave: Onion addresses leaked to DNS traffic

The Tor function included in the Brave web browser, allows users to access .onion dark web domains within ...