Microsoft Azure users dodged a bullet recently, as the tech giant announced that it has closed a bug in the platform that could've given malicious actors access to customer data.
Protecting the personal information of your customers is no easy feat in 2022. Security breaches continue to plague the business world, and frequent updates haven't been able to close the loopholes fast enough.
Fortunately, Microsoft was able to get ahead of this one, as the company stated they were able to fix the bug in Azure before any customer data was compromised.
Microsoft Azure Bug Found by Orca Security
In December, Microsoft was alerted to a bug in its Azure Automation service by Orca Security. According to the cloud security firm, the vulnerability “allowed unauthorized access to other Azure customer accounts using the service.” As for how that could've affected customer data, Orca Security says it could've been pretty bad.
“You could have very easily gotten a lot of access to a lot of customers,” said Yoav Alon, CTO at Orca Security.
Microsoft has reportedly informed all Azure customers with an account about the vulnerability. Fortunately, Microsoft was alerted to the bug before any personal information was compromised. Still, it was more than a close call for one of the world's most reputable tech companies, and the Microsoft Security Response Center was quite glad that Orca Security caught it before anything happened.
“We want to thank Yanir Tsarimi from Orca Security who reported this vulnerability and worked with the Microsoft Security Response Center (MSRC) under Coordinated Vulnerability Disclosure (CVD) to help keep Microsoft customers safe,” they said in a statement.
The Importance of Security
Even if you aren't a big company like Microsoft, cyber threats are quite common among small to medium-sized businesses. In fact, attacks on SMBs are arguably more common, according to some studies. And with cyber-attacks costing small businesses $200,000 on average, it's safe to say securing your company has never been more important.
Plus, with the Russian invasion of Ukraine, shoring up your company's security is more important than ever. In fact, some companies are taking the potential online threats stemming from the conflict quite seriously, offering their services for free to mitigate cybersecurity risks.
Still, you should always be diligent to protect your company from threats. VPNs, password managers, antivirus software, and remote access platforms are all designed to keep your company as safe as possible, even if you're in the crosshairs of hackers.