Microsoft fixes internal data exposure, says no customer data breach

San Francisco, Sep 18 : Microsoft on Monday admitted that backups of two former employees??? workstation profiles and internal Microsoft Teams messages of these two employees with their colleagues were exposed accidentally, adding that no customer data was exposed. The admission came as cloud security startup Wiz discovered a GitHub repository belonging to Microsoft???s AI research division as part of its work into the accidental exposure of cloud-hosted data. After identifying the exposure, Wiz reported the issue to the Microsoft Security Response Center (MSRC). The tech giant investigated and remediated the incident involving a Microsoft employee who shared a URL for a blob store in a public GitHub repository while contributing to open-source AI learning models. ???This URL included an overly-permissive Shared Access Signature (SAS) token for an internal storage account. Security researchers at Wiz were then able to use this token to access information in the storage account,??? said Microsoft. ???No customer data was exposed, and no other internal services were put at risk because of this issue,??? the tech giant said in a blog post. SAS tokens provide a mechanism to restrict access and allow certain clients to connect to specified Azure Storage resources. In this case, a researcher at Microsoft inadvertently included this SAS token in a blob store URL while contributing to open-source AI learning models and provided the URL in a public GitHub repository. ???There was no security issue or vulnerability within Azure Storage or the SAS token feature. Like other secrets, SAS tokens should be created and managed properly. Additionally, we are making ongoing improvements to further harden the SAS token feature and continue to evaluate the service to bolster our secure-by-default posture,??? Microsoft noted. The information that was exposed consisted of information unique to two former Microsoft employees and these former employees??? workstations. ??????Customers do not need to take any additional action to remain secure,??? said the company. /IANS


New Relic hires ex Oracle executive Prasad Rai as India VP sales
New Delhi, Nov 3 : Web analytics and observability platform New Relic on Friday announced the appointment of ex-Oracle executive Prasad Rai as its Vic

Threads now let you copy & paste, add multiple posts on web
New Delhi, Nov 3 : Instagram head Adam Mosseri has announced some new features on the web version of Threads, including the copy and paste option and

Netweb Technologies registers over 100% increase in total income
New Delhi, Nov 3 : Netweb Technologies, a leading high-end computing solutions (HCS) provider in India, has achieved strong growth in the quarter ende