
Azure customers warned of critical Cosmos DB vulnerability

Cloud Security
August 30, 2021

A critical security vulnerability in Microsoft’s Azure cloud database platform, Cosmos DB, could have allowed complete remote takeover of accounts, with admin rights to read, write and delete any information in a database instance.


According to researchers at Wiz, any Azure customer could access another customer’s account without authentication. The vulnerability was related to the Jupyter notebook feature added to Cosmos DB in 2019: an attacker could manipulate the local Jupyter notebook and escalate privileges to other customers' notebooks, which contain several customer secrets, including the Cosmos DB primary key.


The vulnerability affects only Cosmos DB instances that had the Jupyter notebook feature enabled and allowed access from external IPs. However, the impact is significant, since the Jupyter notebook feature was automatically turned on for all new databases after Feb. 2021. Moreover, most Cosmos DB instances allow cross-tenant access, since they use firewall exceptions like “Allow traffic for Azure data centers.”


Though Microsoft’s security teams took immediate action to take down the vulnerable notebook service, customers are still required to perform mitigation steps and regenerate their keys due to the risk that their Cosmos DB primary keys were exposed to third parties.
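For teams triaging which accounts to rotate first, the network half of the exposure condition above can be checked from an account inventory. The following is an added example, not code from Microsoft, Wiz or this article. It assumes the inventory is JSON shaped like Azure CLI account output and that the Azure-datacenters exception is stored as an IP rule for 0.0.0.0. The account names are constructed, and the check says nothing about whether the notebook feature was enabled.

```python
import json

# Constructed sample, shaped like `az cosmosdb list -o json` output.
# Assumption: field names follow the Azure CLI / ARM account schema.
SAMPLE_ACCOUNTS = json.loads("""
[
  {"name": "orders-prod", "publicNetworkAccess": "Enabled",
   "isVirtualNetworkFilterEnabled": false,
   "ipRules": [{"ipAddressOrRange": "0.0.0.0"}, {"ipAddressOrRange": "203.0.113.10"}]},
  {"name": "analytics-dev", "publicNetworkAccess": "Enabled",
   "isVirtualNetworkFilterEnabled": false, "ipRules": []},
  {"name": "billing", "publicNetworkAccess": "Enabled",
   "isVirtualNetworkFilterEnabled": false,
   "ipRules": [{"ipAddressOrRange": "198.51.100.0/24"}]},
  {"name": "hr-internal", "publicNetworkAccess": "Disabled",
   "isVirtualNetworkFilterEnabled": true, "ipRules": []}
]
""")

# Assumption: the "accept connections from Azure datacenters" exception is
# stored as an IP rule for 0.0.0.0.
AZURE_DATACENTERS_RULE = "0.0.0.0"


def classify_exposure(account):
    """Return how widely the account's firewall admits traffic."""
    if account.get("publicNetworkAccess") == "Disabled":
        return "private-only"
    rules = [r.get("ipAddressOrRange") for r in account.get("ipRules") or []]
    if AZURE_DATACENTERS_RULE in rules:
        return "azure-datacenters"   # reachable from other tenants' Azure resources
    if not rules and not account.get("isVirtualNetworkFilterEnabled"):
        return "all-networks"        # no firewall configured at all
    return "restricted"


def rotation_candidates(accounts):
    """Names of accounts whose firewall matches the exposure condition."""
    exposed = {"azure-datacenters", "all-networks"}
    return sorted(a["name"] for a in accounts if classify_exposure(a) in exposed)


if __name__ == "__main__":
    for acct in SAMPLE_ACCOUNTS:
        print(f"{acct['name']:15} {classify_exposure(acct)}")
    print("review and regenerate keys for:", rotation_candidates(SAMPLE_ACCOUNTS))
```
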


Pravin Kothari, Senior Vice President of SASE Products at Lookout, explains that this is the latest example of the challenges facing even the most prominent technology giants in safeguarding user information.


Kothari says, “It serves as a wake-up call for businesses to be aware that weaknesses even exist in the cloud providers themselves. As more businesses migrate to the cloud and employees rely on mobile devices, the crown jewels of sensitive personal and corporate data are getting more difficult to monitor and protect. Businesses do not have visibility and control over who is accessing their information, when and how. Criminals are also finding it far easier to target the cloud to access and steal boatloads of information.”

 

Kothari adds that many businesses are not doing enough to protect their client-sensitive PII information even with the increasing risks. “They do not realize that cloud services are not bulletproof. They assume that their information is safe with service providers. However, a simple misconfiguration, malicious insider, or abuse of API could cause significant exposure and havoc, as we saw with Equifax and SolarWinds. Today’s attackers are agile and constantly come up with new ideas to circumvent many security strategies organizations have implemented. With hybrid work being the norm, data flows wherever it’s needed. This is why organizations need to change their security approach from network-centric to data-centric. Focusing on the data naturally shifts the security mindset from the traditional corporate network to a zero-trust approach applied across all users, devices, and data. Implementing a zero-trust strategy is the key to securing your data in today’s evolving threat landscape.”

 

“With the rise of hacking and exposures in the cloud and third-party apps, organizations need to focus on cloud security and data protection in an unconventional way. Migration to the cloud presents many unique challenges in protecting your data and has given rise to a new generation of Cloud Data Protection solutions, especially with seamless rights management (EDRM) and such capabilities.

 

“Organizations must be aware of the growing risk with their data in the cloud and always protect personal identifiable information (PII) and protected health information (PHI). With the increasing number of regulations on data privacy of individuals, such as GDPR, PCI DSS, HIPAA and CCPA, exposing such data opens the organization to breaches, reputational damage as well as stiff penalties.

 

“Organizations need to modernize their security approach to zero trust without increasing operational complexity. Implementing too many point solutions will end up slowing things down and could leave you exposed to risk. The key is to leverage solutions that take a platform approach so you can efficiently solve multiple challenges at once. Access to cloud and SaaS apps should be monitored and enforced through a cloud access security broker (CASB) solution. In order to round out the zero-trust approach, CASB should be combined with zero trust network access (ZTNA) for private apps as well as mobile endpoint security (MES) to protect against risky mobile devices, phishing, and application threats. Together, the combination of CASB, ZTNA, and MES in one platform enables organizations to implement zero trust across all users, devices, networks and data to mitigate the risk of a breach in today’s fluid data environment.” 

KEYWORDS: cloud security cyber security information security risk management security vulnerability zero trust
